๐Ÿ” CVE Alert

CVE-2026-15535

MEDIUM 6.3

AkariAsai self-rag retrieval_lm index.py Indexer.deserialize_from deserialization

CVSS Score
6.3
EPSS Score
0.2%
EPSS Percentile
16th

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component retrieval_lm. Executing a manipulation of the argument index_meta.faiss can lead to deserialization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-502 CWE-20
Vendor akariasai
Product self-rag
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for akariasai self-rag

Be the first to know when new medium vulnerabilities affecting akariasai self-rag are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

AkariAsai / self-rag
1fcdc420e48f50a7d7ab1ece5494221b93252e99

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377885 vuldb.com: https://vuldb.com/vuln/377885/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15535 vuldb.com: https://vuldb.com/submit/854999 github.com: https://github.com/AkariAsai/self-rag/issues/105 github.com: https://github.com/AkariAsai/self-rag/pull/106 github.com: https://github.com/AkariAsai/self-rag/

Credits

๐Ÿ” Dem00000 (VulDB User) VulDB CNA Team