Deserialization Vulnerability in mem0ai mem0 Software
CVE-2026-7597

5.3MEDIUM

Key Information:

Vendor: Mem0ai
Status: Mem0
Vendor: CVE Published:; 1 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-7597?

A deserialization vulnerability exists in the mem0ai mem0 software, specifically affecting versions up to 1.0.11. The issue arises within the pickle.load and pickle.dump functions located in mem0/vector_stores/faiss.py. Attackers can exploit this vulnerability remotely, allowing for unauthorized actions to be taken. The vulnerability has been made public, emphasizing the need for immediate attention. Users are advised to apply the patch available under commit 62dca096f9236010ca15fea9ba369ba740b86b7a to mitigate potential risks.

Affected Version(s)

mem0 1.0.0

mem0 1.0.1

mem0 1.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-7597 - Proof of Concept

References

https://vuldb.com/vuln/360550

vdb-entrytechnical-description

https://vuldb.com/vuln/360550/cti

signaturepermissions-required

https://vuldb.com/submit/805562

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 1, 2026
👾
Exploit known to exist
May 1, 2026
Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

Credit

edoardottt (VulDB User)

CVE-2026-7597 Data

JSON

Mem0ai