CVE-2026-8319: Resource Consumption in aiwaves-cn agents
A weakness has been identified in aiwaves-cn agents up to commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59. The issue affects the function recall_relevant_memories_to_working_memory in the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. Manipulating it causes resource consumption. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. The product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
This vulnerability exists in aiwaves-cn agents up to commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59, specifically in the recall_relevant_memories_to_working_memory function of core/cat/looking_glass/stray_cat.py in the cheshire_cat_core component. The issue causes excessive resource consumption, potentially leading to denial of service conditions. The vulnerability is remotely exploitable without privileges or user interaction. The project has not yet issued a fix or official remediation guidance, and the rolling release nature means no fixed version is currently identified. Public exploit code is available, increasing the risk of exploitation.
Potential Impact
Successful exploitation can cause resource exhaustion on affected systems, potentially leading to degraded performance or denial of service. Since the vulnerability can be triggered remotely without authentication, it poses a risk to availability. No evidence of active exploitation in the wild has been reported so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should monitor for updates from the project. Until a fix is released, consider implementing network-level protections to limit exposure of the affected component to untrusted sources.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-05-11T13:18:34.721Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a022c3bcbff5d86104f7d98
Added to database: 5/11/2026, 7:21:31 PM
Last enriched: 5/11/2026, 7:37:45 PM
Last updated: 5/12/2026, 3:49:34 AM