MEDIUM 6.3

GHSA-xqxw-r767-67m7

mem0ai mem0 has an Improper Input Validation Issue

Details

A vulnerability was found in mem0ai mem0 up to 1.0.11. It affects the pickle.load/pickle.dump calls in the file mem0/vector_stores/faiss.py. Manipulating the serialized data these calls handle results in deserialization of untrusted input. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying the patch is the recommended action to fix this issue.
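
As an added illustration (not mem0's code and not the referenced patch), the sketch below shows two defensive ways to handle the kind of metadata file that pickle.load/pickle.dump calls read and write: persisting it as JSON, and reading an existing pickle file with an unpickler that resolves no globals. The (docstore, index_to_id) layout, the function names and the sample values are assumptions made for the example.

```python
import collections
import io
import json
import pickle


class DataOnlyUnpickler(pickle.Unpickler):
    """Rebuilds plain containers and scalars only; any global lookup fails."""

    def find_class(self, module, name):
        # Every class or callable named in a pickle stream is resolved here,
        # so refusing all lookups removes the code-execution path.
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def load_legacy_metadata(blob: bytes):
    """Read an old pickle-format metadata file without resolving globals."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def dump_metadata(docstore: dict, index_to_id: dict) -> bytes:
    """Persist metadata as JSON, which can describe data but not objects."""
    return json.dumps({"docstore": docstore, "index_to_id": index_to_id}).encode()


def load_metadata(blob: bytes):
    """Parse JSON metadata and check its shape before use."""
    data = json.loads(blob)
    ok = (isinstance(data, dict) and set(data) == {"docstore", "index_to_id"}
          and all(isinstance(v, dict) for v in data.values()))
    if not ok:
        raise ValueError("unexpected metadata layout")
    # JSON object keys are strings; restore the integer index positions.
    index_to_id = {int(k): str(v) for k, v in data["index_to_id"].items()}
    return data["docstore"], index_to_id


# Constructed sample data (assumed layout, not taken from mem0).
SAMPLE_DOCSTORE = {"vec-1": {"user_id": "alice", "data": "likes tea"}}
SAMPLE_INDEX = {0: "vec-1"}
# Constructed benign pickle whose stream names a global (collections.OrderedDict).
PICKLE_WITH_GLOBAL = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    print(load_metadata(dump_metadata(SAMPLE_DOCSTORE, SAMPLE_INDEX)))
    try:
        load_legacy_metadata(PICKLE_WITH_GLOBAL)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

The restricted unpickler is only a migration aid for files written by an affected version; upgrading to the fixed release remains the remediation the advisory gives.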

Affected packages

PyPI / mem0ai
Introduced in: 0
Fixed in: 2.0.0b2
Fix: pip install --upgrade 'mem0ai>=2.0.0b2'
