CVE-2026-7597
Deferred Deferred - Pending Action
Deserialization Flaw in mem0 AI Memory Manager

Publication date: 2026-05-01

Last updated on: 2026-05-05

Assigner: VulDB

Description
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7597
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mem0ai mem0 to 1.0.11 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the mem0ai mem0 software up to version 1.0.11, specifically in the pickle.load and pickle.dump functions within the file mem0/vector_stores/faiss.py. The issue arises from a manipulation that leads to unsafe deserialization, which can be exploited remotely.

Deserialization vulnerabilities occur when untrusted data is processed in a way that allows an attacker to execute arbitrary code or manipulate the program's behavior during the deserialization process.

The exploit for this vulnerability has been made public, increasing the risk of attacks, and a patch has been released to fix the issue.

Impact Analysis

This vulnerability can allow a remote attacker to perform malicious deserialization, potentially leading to unauthorized code execution or manipulation of the affected system.

Such an attack could compromise the confidentiality, integrity, and availability of the system or data handled by the vulnerable software.

The CVSS v3.1 score of 6.3 indicates a medium severity impact, meaning the vulnerability is significant but requires some level of privileges (PR:L) to exploit.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to apply the patch named 62dca096f9236010ca15fea9ba369ba740b86b7a.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7597. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart