PYSEC-2026-2636

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mem0ai/PYSEC-2026-2636.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2636
Aliases
Published
2026-07-13T15:02:56.014161Z
Modified
2026-07-13T16:32:14.655870904Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
mem0ai mem0 has an Improper Input Validation Issue
Details

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.

References

Affected packages

PyPI / mem0ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0b2

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20rc1
0.0.20
0.0.21
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.18
0.1.19
0.1.20a0
0.1.20
0.1.21
0.1.22
0.1.23
0.1.24
0.1.25
0.1.26
0.1.27
0.1.28
0.1.29
0.1.30
0.1.31
0.1.32
0.1.33
0.1.34
0.1.35
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.41
0.1.42
0.1.43
0.1.44
0.1.45rc1
0.1.45
0.1.46
0.1.47
0.1.48
0.1.49
0.1.50
0.1.52
0.1.53
0.1.54
0.1.55
0.1.56
0.1.57
0.1.58
0.1.59
0.1.60
0.1.61
0.1.62
0.1.63
0.1.65
0.1.66
0.1.67
0.1.69
0.1.70
0.1.71
0.1.72
0.1.73
0.1.74
0.1.75
0.1.76
0.1.77
0.1.78a0
0.1.78a1
0.1.78a2
0.1.78
0.1.79
0.1.80
0.1.81a0
0.1.81a1
0.1.81a2
0.1.81
0.1.82
0.1.83
0.1.84a1
0.1.84
0.1.85
0.1.86
0.1.87
0.1.88
0.1.89
0.1.90
0.1.91
0.1.92
0.1.93
0.1.94
0.1.95
0.1.96rc1
0.1.96
0.1.97
0.1.98
0.1.99a0
0.1.99a1
0.1.99a2
0.1.99a3
0.1.99
0.1.100
0.1.101
0.1.102
0.1.103
0.1.104
0.1.106
0.1.107rc1
0.1.107rc2
0.1.107
0.1.108
0.1.109
0.1.110
0.1.111
0.1.112
0.1.113
0.1.114
0.1.115
0.1.116
0.1.117
0.1.118
1.*
1.0.0b0
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
2.*
2.0.0b0
2.0.0b1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/mem0ai/PYSEC-2026-2636.yaml"