Skip to main content

self-rag CVE-2026-15535

| EUVDEUVD-2026-43280 LOW
Deserialization of Untrusted Data (CWE-502)
2026-07-13 VulDB GHSA-xp65-m377-m42w
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-reachable deserialization requiring low-privilege file supply access; impact limited to process-level confidentiality, integrity, and availability with no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 13, 2026 - 06:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 06:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 13, 2026 - 05:51 vuln.today

DescriptionCVE.org

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component retrieval_lm. Executing a manipulation of the argument index_meta.faiss can lead to deserialization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Unsafe deserialization in AkariAsai self-rag's Indexer.deserialize_from function exposes any deployment that processes externally supplied FAISS index files to potential arbitrary code execution. The vulnerability resides in retrieval_lm/src/index.py and is triggered when the index_meta.faiss argument is manipulated with a crafted payload - a classic CWE-502 pattern where Python's serialization routines (typically pickle) blindly instantiate attacker-controlled objects. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged access to service
Delivery
Craft malicious pickle-embedded .faiss file
Exploit
Supply or substitute index_meta.faiss file
Execution
Trigger Indexer.deserialize_from call
Impact
Execute arbitrary code in process context

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to control or substitute the `index_meta.faiss` file consumed by `Indexer.deserialize_from` in `retrieval_lm/src/index.py`. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) rates this as medium severity (5.3), and several signals support treating it as a measured rather than critical priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated or low-privileged user with the ability to supply or substitute a FAISS index file - for example, through a shared storage path or an API endpoint that accepts index bundles - crafts a malicious `index_meta.faiss` file embedding a pickle payload that spawns a reverse shell. When the self-rag service calls `Indexer.deserialize_from` with this file, Python's deserialization routine executes the embedded payload in the context of the running process. …
Remediation The primary fix is to apply the upstream patch submitted in GitHub pull request #106 (https://github.com/AkariAsai/self-rag/pull/106); however, as the project maintainer had not responded at time of disclosure, this PR's merge status must be independently verified before relying on it. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15535 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy