CVE-2026-8319
Received Received - Intake
Resource Exhaustion in Cheshire Cat AI Agent

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulDB

Description
A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-8319
EUVD
EUVD-2026-29202
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
aiwaves-cn agents to e8c4e3c2d19739d3dff59e577d1c97090cc15f59 (inc)
aiwaves-cn cheshire_cat_core *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-8319 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-8319 is a vulnerability in the aiwaves-cn agents, specifically in the cheshire_cat_core component's function recall_relevant_memories_to_working_memory within the stray_cat.py file. It allows an unauthenticated attacker to cause uncontrolled resource consumption by sending an excessively large message payload (e.g., 5,000,000 characters) to the /message endpoint.

This large payload causes the underlying Rust-based tiktoken encoding library to experience a stack overflow error, crashing the backend worker process and resulting in a Denial of Service (DoS). The application processes the payload without truncation or input size checks, making it vulnerable to remote exploitation.

Impact Analysis

The vulnerability can lead to a complete Denial of Service (DoS) of the affected application. An attacker can repeatedly send large payloads that crash backend worker processes or exhaust system resources.

This results in prolonged downtime, as containerized instances may terminate or the system may become unresponsive, disrupting normal operations and availability of the service.

Detection Guidance

This vulnerability can be detected by monitoring for unusually large payloads sent to the `/message` endpoint of the aiwaves-cn agents, specifically payloads with excessively large message sizes (e.g., around 5,000,000 characters). Such payloads cause resource exhaustion and backend crashes.

To detect exploitation attempts, you can monitor network traffic for large POST requests to the `/message` endpoint and check for backend worker process crashes or resource exhaustion events.

Example commands to detect large payloads or resource issues might include:

  • Using network monitoring tools like tcpdump or Wireshark to filter for large HTTP POST requests to `/message`.
  • Using command line tools to check for large request sizes in logs, e.g., `grep '/message' access.log | awk '{print length($0)}' | sort -nr | head` to find large requests.
  • Monitoring system resource usage with commands like `top`, `htop`, or `ps` to detect crashes or high resource consumption of the backend worker processes.
  • Checking application logs for stack overflow errors or crashes related to the `stray_cat.py` component or the `cheshire_cat_core` package.
Mitigation Strategies

Immediate mitigation steps include implementing input size validation and limiting the size of messages accepted by the `/message` endpoint to prevent excessively large payloads from being processed.

Additionally, monitoring and rate-limiting incoming requests to reduce the risk of resource exhaustion attacks is recommended.

If possible, temporarily disabling or restricting access to the vulnerable endpoint until a patch or update is available can help reduce exposure.

Since the project follows a rolling release approach and has not yet responded to the issue, staying updated with the official repository for patches or fixes is important.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart