CVE Catalog

CVE-2026-14611

MediumCVSS 4.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

17th percentile — higher than 17% of all known CVEs

Summary

A vulnerability in the Per-Project Auto-Memory Handler component of DeepMyst Mysti up to version 0.4.0 exposes resources via manipulation of the workspacePath argument in the initProjectMemory function of MemoryManager.ts. The attack can be performed remotely.

Risk Assessment

The organization is at risk of remote exposure of sensitive project resources, potentially leading to data leakage and security breaches.

Recommendation

Immediately upgrade DeepMyst Mysti to version 0.4.0 or apply the patch with ID 6d709229b5199f6769fb3cf763e5122dcc43c079.

Original NVD description (English source)

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS