Resource Exposure Vulnerability in DeepMyst Mysti Due to MemoryManager Function
CVE-2026-14611

5.3MEDIUM

Key Information:

Vendor

Deepmyst

Status
Vendor
CVE Published:
3 July 2026

What is CVE-2026-14611?

A vulnerability exists in the DeepMyst Mysti application where manipulation of the 'workspacePath' argument in the 'initProjectMemory' function of the MemoryManager component can lead to unintended exposure of resources. This security issue is exploitable remotely and affects versions up to 0.4.0. Users are advised to upgrade to the patched version to mitigate this risk. The patch, identified by commit 6d709229b5199f6769fb3cf763e5122dcc43c079, effectively resolves the exposure issue.

Affected Version(s)

Mysti 0.1

Mysti 0.2

Mysti 0.3

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem00000 (VulDB User)
.