← back
CVE-2026-7597

mem0ai mem0 faiss.py pickle.dump deserialization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-20CWE-502
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
mem0ai · mem0
public PoCs found1
cve_referencegithub.com/mem0ai/mem0/issues/3778unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/mem0ai/mem0/https://github.com/mem0ai/mem0/commit/62dca096f9236010ca15fea9ba369ba740b86b7ahttps://github.com/mem0ai/mem0/issues/3778https://github.com/mem0ai/mem0/pull/4833https://vuldb.com/submit/805562https://vuldb.com/vuln/360550https://vuldb.com/vuln/360550/cti