Vulnerabilities ›

CVE-2026-8319

Medium

CWE-400 — Weakness Type

                    Published: May 11, 2026                      ·  Modified: May 14, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-8319 is a resource consumption vulnerability in aiwaves-cn agents affecting the recall_relevant_memories_to_working_memory function, allowing remote attackers to cause denial of service. The vulnerability has a CVSS score of 5.3 and affects systems using the cheshire_cat_core component.

📄 Description (Arabic)

تم تحديد ضعف في وكلاء aiwaves-cn يؤثر على وظيفة استدعاء الذاكرة ذات الصلة في المكون الأساسي للقط الشيشاير. يسمح هذا الضعف باستهلاك الموارد بشكل مفرط من خلال الاستغلال عن بعد. تم نشر الاستغلال علناً مما يزيد من خطر الهجمات الفعلية.

🤖 ملخص تنفيذي (AI)

هذا الثغرة تؤثر على وكلاء aiwaves-cn وتسمح بالاستهلاك المفرط للموارد من خلال دالة معينة في المكون الأساسي. يمكن استغلالها عن بعد وقد تم نشر الاستغلال علناً.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:20

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1499.004 T1561.001

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update aiwaves-cn agents to the latest version beyond commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Implement rate limiting and resource quotas for the recall_relevant_memories_to_working_memory function. Monitor system resource usage patterns and implement network-level protections against resource exhaustion attacks. Contact the development team for security patches.

🔧 خطوات المعالجة (العربية)

قم بتحديث وكلاء aiwaves-cn إلى أحدث إصدار بعد الالتزام المحدد. طبق حدود معدل الطلب وحصص الموارد للدالة المتأثرة. راقب أنماط استخدام موارد النظام وطبق حماية على مستوى الشبكة ضد هجمات استنزاف الموارد.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.BE-5 PR.DS-4

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 5

🔗

https://github.com/aiwaves-cn/agents/

cna@vuldb.com

🔗

https://github.com/aiwaves-cn/agents/issues/219

cna@vuldb.com

🔗

https://vuldb.com/submit/811274

cna@vuldb.com

🔗

https://vuldb.com/vuln/362606

cna@vuldb.com

🔗

https://vuldb.com/vuln/362606/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-400

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-11

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-400

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-8319

Introduce Yourself

Sign In Required