Description
A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the recall_relevant_memories_to_working_memory function of stray_cat.py within cheshire_cat_core. A crafted input can force the function to consume excessive resources, potentially leading to denial of service. The documented Remote Exploitation indicator suggests an attacker can trigger the flaw over the network. The weakness is classified as uncontrolled resource consumption (CWE-400) and improper resource shutdown or release (CWE-404).

Affected Systems

The affected product is aiwaves‑cn agents, specifically changes up to commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Because the project follows a rolling release model, no specific version numbers are listed, so users should treat the current release as potentially vulnerable until a fix is released.

Risk and Exploitability

With a CVSS score of 6.9, the flaw is rated Medium severity. The EPSS score is not available, so the exploitation likelihood cannot be quantified beyond the public availability of the exploit code. The vulnerability is not listed in CISA KEV. An attacker with remote access to the agents service could manipulate the input to the recall function, causing excessive CPU or memory usage and potentially disrupting the service.

Generated by OpenCVE AI on May 11, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade aiwaves-cn agents to a release that includes the fix once one is available (no formal version number is supplied by the vendor);
  • Limit resources consumed by the recall_relevant_memories_to_working_memory operation through system resource quotas or container limits;
  • If possible, isolate the agents service behind a firewall or restrict remote access to the endpoint that triggers the function.


Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Aiwaves-cn; Aiwaves-cn agents
Vendors & Products | | Aiwaves-cn; Aiwaves-cn agents

Mon, 11 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Title | | aiwaves-cn agents cheshire_cat_core stray_cat.py recall_relevant_memories_to_working_memory resource consumption
Weaknesses | | CWE-400; CWE-404
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-12T16:23:35.302Z

Reserved: 2026-05-11T13:18:34.721Z

Link: CVE-2026-8319

Vulnrichment

Updated: 2026-05-12T16:23:28.315Z

NVD

Status: Deferred

Published: 2026-05-11T20:25:48.180

Modified: 2026-05-12T16:38:54.943

Link: CVE-2026-8319

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T09:22:29Z
