CVE-2026-11330
thedotmack claude-mem Observation Content Hash store.ts computeObservationContentHash weak hash
CVSS Score
3.6
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. Upgrading to version 12.0.0 is sufficient to fix this issue. Patch name: f32fda8b35e9fe9329f87da65c31149362a03f97. It is suggested to upgrade the affected component.
| CWE | CWE-328 CWE-327 |
| Vendor | thedotmack |
| Product | claude-mem |
| Published | Jun 5, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for thedotmack claude-mem
Be the first to know when new low vulnerabilities affecting thedotmack claude-mem are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
thedotmack / claude-mem
11.0.0 11.0.1
References
vuldb.com: https://vuldb.com/vuln/368870 vuldb.com: https://vuldb.com/vuln/368870/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11330 vuldb.com: https://vuldb.com/submit/832401 github.com: https://github.com/thedotmack/claude-mem/pull/1494 github.com: https://github.com/thedotmack/claude-mem/commit/f32fda8b35e9fe9329f87da65c31149362a03f97 github.com: https://github.com/thedotmack/claude-mem/releases/tag/v12.0.0 github.com: https://github.com/thedotmack/claude-mem/
Credits
๐ Dem00 (VulDB User)