Description
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
Published: 2026-05-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability exists in mem0ai mem0 up to version 1.0.11 in the faiss.py module where pickle.load and pickle.dump are used without input validation. An attacker can supply a crafted payload that triggers Python’s pickle deserialization, creating an unsafe deserialization flaw (CWE-20 and CWE-502). The vulnerability could allow execution of arbitrary code if the deserialized payload contains malicious objects, but the CVE description does not confirm that code execution has been demonstrated.

Affected Systems

The affected product is mem0ai mem0, specifically the faiss vector_store implementation bundled with versions up through 1.0.11. Users running these releases, especially those that expose the faiss module to untrusted input over the network, are at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity. No EPSS score is publicly available, and the vulnerability is not listed in the CISA KEV catalog. The description confirms that the attack can be started remotely and that the exploit is publicly available, suggesting a non‑trivial risk to systems that accept external input. The presence of an available patch limits the window for exploitation and mitigates the risk if applied promptly.

Generated by OpenCVE AI on May 2, 2026 at 06:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch commit 62dca096f9236010ca15fea9ba369ba740b86b7a to mem0ai mem0 version 1.0.11 or later.
  • If upgrading is not immediately possible, restrict exposure by ensuring that the faiss.py module is only called with trusted, locally generated data and that no external input can reach the pickle.load or pickle.dump functions.
  • As a defensive measure, replace or remove the usage of Python's pickle for serialization in the mem0 implementation, or configure the module to use safer serialization alternatives.

Generated by OpenCVE AI on May 2, 2026 at 06:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
Title mem0ai mem0 faiss.py pickle.dump deserialization
Weaknesses CWE-20
CWE-502
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-01T21:15:11.399Z

Reserved: 2026-05-01T09:52:26.382Z

Link: CVE-2026-7597

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-01T22:16:16.713

Modified: 2026-05-01T22:16:16.713

Link: CVE-2026-7597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T07:00:06Z

Weaknesses