Weak Hash Vulnerability in ForceInjection AI-fundermentals by ForceInjection
CVE-2026-14630
Key Information:
- Vendor
Forceinjection
- Status
- Vendor
- CVE Published:
- 4 July 2026
Badges
What is CVE-2026-14630?
A vulnerability in the ForceInjection AI-fundermentals product, specifically affecting the get_conversation_history function of the Memory Recall Handler component, allows for weak hash usage. This flaw may enable remote exploitation, although executing the attack is complex and challenging. Recent updates mandate session ownership verification in strategic methods. Patch f57277fdd9ba373ace72d83c272023ec67f720d6 addresses the issue, enhancing security by integrating verified user identity into session management.
Affected Version(s)
AI-fundermentals 2.0
AI-fundermentals 3.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
