Description

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. It affects the function RedisCache in the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Manipulation leads to deserialization. The attack requires being on the local network. The attack has a high complexity level, and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-02-22 | Published 2026-02-23 | Updated 2026-02-23 | Assigner VulDB




LOW: 2.1 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 4.6 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.0 AV:A/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Deserialization

Improper Input Validation

Product status

0.0.2
affected

Timeline

2026-02-22: Advisory disclosed
2026-02-22: VulDB entry created
2026-02-22: VulDB entry last update

Credits

edoardottt finder

edoardottt (VulDB User) reporter

edoardottt (VulDB User) analyst

References

vuldb.com/?id.347337 (VDB-347337 | datapizza-labs datapizza-ai cache.py RedisCache deserialization) vdb-entry technical-description

vuldb.com/?ctiid.347337 (VDB-347337 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.755363 (Submit #755363 | datapizza datapizza-ai v0.0.7 Unsafe Deserialization) third-party-advisory

github.com/...disclosure/blob/main/unsafe-deserialization.md related

github.com/...disclosure/blob/main/unsafe-deserialization.md exploit

cve.org (CVE-2026-2970)

nvd.nist.gov (CVE-2026-2970)
