๐Ÿ” CVE Alert

CVE-2026-14611

MEDIUM 4.3

DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component.

CWE CWE-668 CWE-200
Vendor deepmyst
Product mysti
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for deepmyst mysti

Be the first to know when new medium vulnerabilities affecting deepmyst mysti are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

DeepMyst / Mysti
0.1 0.2 0.3 0.4.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376119 vuldb.com: https://vuldb.com/vuln/376119/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14611 vuldb.com: https://vuldb.com/submit/844651 github.com: https://github.com/DeepMyst/Mysti/issues/46 github.com: https://github.com/DeepMyst/Mysti/pull/49 github.com: https://github.com/DeepMyst/Mysti/commit/6d709229b5199f6769fb3cf763e5122dcc43c079 github.com: https://github.com/DeepMyst/Mysti/

Credits

๐Ÿ” Dem00000 (VulDB User)