PT-2026-55707 · Forceinjection · Ai-Fundermentals
Dem00000
·
Published
2026-07-04
·
Updated
2026-07-04
·
CVE-2026-14630
CVSS v3.1
3.1
Low
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ForceInjection AI-fundermentals versions 2.0 through 3.0
Description
The Memory Recall Handler component contains an issue where the
get conversation history() function in the 08 agentic system/memory/langchain/code/smart customer service.py file uses a weak hash. This allows for remote exploitation, although the attack requires a high degree of complexity and is considered difficult to execute.Recommendations
Install the patch f57277fdd9ba373ace72d83c272023ec67f720d6 for versions 2.0 through 3.0.
As a temporary mitigation, restrict access to the
get conversation history() function.Exploit
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ai-Fundermentals