CVE-2026-14611
DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component.
| CWE | CWE-668 CWE-200 |
| Vendor | deepmyst |
| Product | mysti |
| Published | Jul 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for deepmyst mysti
Be the first to know when new medium vulnerabilities affecting deepmyst mysti are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
DeepMyst / Mysti
0.1 0.2 0.3 0.4.0
References
vuldb.com: https://vuldb.com/vuln/376119 vuldb.com: https://vuldb.com/vuln/376119/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14611 vuldb.com: https://vuldb.com/submit/844651 github.com: https://github.com/DeepMyst/Mysti/issues/46 github.com: https://github.com/DeepMyst/Mysti/pull/49 github.com: https://github.com/DeepMyst/Mysti/commit/6d709229b5199f6769fb3cf763e5122dcc43c079 github.com: https://github.com/DeepMyst/Mysti/
Credits
๐ Dem00000 (VulDB User)