Weak Hash Vulnerability in ForceInjection AI-fundermentals by ForceInjection
CVE-2026-14630

2.3LOW

Key Information:

Vendor
CVE Published:
4 July 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-14630?

A vulnerability in the ForceInjection AI-fundermentals product, specifically affecting the get_conversation_history function of the Memory Recall Handler component, allows for weak hash usage. This flaw may enable remote exploitation, although executing the attack is complex and challenging. Recent updates mandate session ownership verification in strategic methods. Patch f57277fdd9ba373ace72d83c272023ec67f720d6 addresses the issue, enhancing security by integrating verified user identity into session management.

Affected Version(s)

AI-fundermentals 2.0

AI-fundermentals 3.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem00000 (VulDB User)
VulDB CNA Team
.