Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-14630
Received
More InfoOfficial Page
Source-cna@vuldb.com
View Known Exploited Vulnerability (KEV) details
Published At-04 Jul, 2026 | 15:16
Updated At-04 Jul, 2026 | 15:16

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of weak hash. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is f57277fdd9ba373ace72d83c272023ec67f720d6. It is suggested to install a patch to address this issue. The project confirms (translated from Chinese): "We now require session ownership verification in methods such as `username`, `sessionowner`, etc., and we've chat()changed the generation of `sessionowner` to include verified user identity and security context metadata."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.01.3LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary2.02.1LOW
AV:N/AC:H/Au:S/C:P/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 1.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:N/AC:H/Au:S/C:P/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-327Primarycna@vuldb.com
CWE-328Primarycna@vuldb.com
CWE ID: CWE-327
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-328
Type: Primary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/ForceInjection/AI-fundamentals/commit/f57277fdd9ba373ace72d83c272023ec67f720d6cna@vuldb.com
N/A
https://github.com/ForceInjection/AI-fundamentals/issues/17cna@vuldb.com
N/A
https://github.com/ForceInjection/AI-fundamentals/pull/18cna@vuldb.com
N/A
https://vuldb.com/cve/CVE-2026-14630cna@vuldb.com
N/A
https://vuldb.com/submit/845672cna@vuldb.com
N/A
https://vuldb.com/vuln/376146cna@vuldb.com
N/A
https://vuldb.com/vuln/376146/cticna@vuldb.com
N/A
Hyperlink: https://github.com/ForceInjection/AI-fundamentals/commit/f57277fdd9ba373ace72d83c272023ec67f720d6
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/ForceInjection/AI-fundamentals/issues/17
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/ForceInjection/AI-fundamentals/pull/18
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/cve/CVE-2026-14630
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/845672
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/376146
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/376146/cti
Source: cna@vuldb.com
Resource: N/A
Change History
0Changes found

Details not found