PyPI: mem0ai
CVE-2026-7597
Safety vulnerability ID: SFTY-20260502-70717
Safety legacy ID: pyup.io-98052
Overview
mem0ai mem0 has an Improper Input Validation Issue
Advisory
Affected versions of the mem0ai package are vulnerable to Deserialization of Untrusted Data due to the use of pickle.load and pickle.dump for serialising and deserialising vector store state. The faiss.py module within mem0/vector_stores/ reads serialised data using Python's pickle module without validating the source or integrity of the data, making it susceptible to arbitrary object injection through crafted pickle payloads. An authenticated remote attacker who can influence the serialised FAISS index data can supply a malicious pickle payload, resulting in arbitrary code execution within the context of the mem0ai process.
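The two missing checks named above (source/integrity validation, and control over which objects a pickle may construct) can be shown in a short defensive sketch. This is an added example, not mem0's code or its fix; `dump_state`, `load_state`, `PlainDataUnpickler`, the key handling and the sample state layout are all assumptions made for illustration, and it assumes the persisted state consists only of built-in containers and scalars.

```python
import hashlib
import hmac
import io
import pickle

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes


class PlainDataUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only built-in containers and
    scalars (dict, list, str, int, float, ...) can be reconstructed."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def dump_state(state, key: bytes) -> bytes:
    """Serialise state and prepend an HMAC tag (hypothetical helper)."""
    body = pickle.dumps(state, protocol=pickle.HIGHEST_PROTOCOL)
    return hmac.new(key, body, hashlib.sha256).digest() + body


def load_state(blob: bytes, key: bytes):
    """Verify integrity first, then unpickle with globals disabled."""
    if len(blob) < TAG_LEN:
        raise ValueError("state blob too short")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state blob failed integrity check")
    return PlainDataUnpickler(io.BytesIO(body)).load()


if __name__ == "__main__":
    key = b"\x01" * 32  # constructed key; load a real one from a secret store
    # Constructed sample state; the field names are assumptions.
    state = {"docstore": {"id-1": {"text": "hello"}}, "index_to_id": {0: "id-1"}}
    blob = dump_state(state, key)
    print(load_state(blob, key) == state)
    try:
        load_state(blob[:-1] + b"\x00", key)  # one altered byte
    except ValueError as exc:
        print("rejected:", exc)
```

The HMAC check stops data that was modified by anyone without the key, and the restricted unpickler still refuses object construction if a correctly tagged blob carries a global reference. Storing the same plain data in a non-executable format such as JSON removes the deserialization risk entirely.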
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260502-70717/CVE-2026-7597
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7597
- https://github.com/advisories/GHSA-XQXW-R767-67M7
- https://nvd.nist.gov/vuln/detail/CVE-2026-7597
- https://github.com/mem0ai/mem0/issues/3778
- https://github.com/mem0ai/mem0/pull/4833
- https://github.com/mem0ai/mem0/commit/62dca096f9236010ca15fea9ba369ba740b86b7a
- https://github.com/mem0ai/mem0
- https://vuldb.com/submit/805562
- https://vuldb.com/vuln/360550
- https://vuldb.com/vuln/360550/cti
- https://github.com/advisories/GHSA-xqxw-r767-67m7
