Back to overview

CVE-2026-14611

MEDIUM
4.3
CVSS 3.1
Description
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component.

Metadata

CVE ID
CVE-2026-14611
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-03 14:09 UTC
Published
2026-07-03 21:00 UTC
Last updated
2026-07-03 21:00 UTC
Primary CWE
CWE-668
Exposure of Resource
Vendor / Product
DeepMyst / Mysti
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
DeepMyst Mysti 0.1, 0.2, 0.3, 0.4.0 …
Weakness (CWE)
CWESourceDescription
CWE-200 cna Information Disclosure
CWE-668 cna Exposure of Resource
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
4.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
4.0 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:OF/RC:C
References (8)
Back to overview