CVE-2026-11330

Description

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. Upgrading to version 12.0.0 is sufficient to fix this issue. Patch name: f32fda8b35e9fe9329f87da65c31149362a03f97. It is suggested to upgrade the affected component.

PUBLISHED Reserved 2026-06-05 | Published 2026-06-05 | Updated 2026-06-08 | Assigner VulDB

Problem types

Use of Weak Hash

Risky Cryptographic Algorithm

Product status

Timeline

Credits

Dem00 (VulDB User) reporter

References

vuldb.com/vuln/368870 (VDB-368870 | thedotmack claude-mem Observation Content Hash store.ts computeObservationContentHash weak hash) vdb-entry technical-description

vuldb.com/vuln/368870/cti (VDB-368870 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11330 (CVE-2026-11330 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/832401 (Submit #832401 | thedotmack claude-mem v10.4.0 - Improper content hash construction - Field-boundary ambiguity) third-party-advisory

github.com/thedotmack/claude-mem/pull/1494 issue-tracking patch

github.com/...ommit/f32fda8b35e9fe9329f87da65c31149362a03f97 patch

github.com/thedotmack/claude-mem/releases/tag/v12.0.0 patch

github.com/thedotmack/claude-mem/ product

cve.org (CVE-2026-11330)

nvd.nist.gov (CVE-2026-11330)

Download JSON