PatchSiren cyber security CVE debrief
CVE-2026-11330 thedotmack CVE debrief
A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult.
- Vendor
- thedotmack
- Product
- claude-mem
- CVSS
- LOW 2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of claude-mem up to version 11.0.1
Technical summary
The CVE-2026-11330 vulnerability is caused by the use of a weak hash in the computeObservationContentHash function of the src/services/sqlite/observations/store.ts file in thedotmack claude-mem up to version 11.0.1. This issue has been rated with a CVSS score of 2 and a CVSS severity of LOW.
Defensive priority
Low
Recommended defensive actions
- Upgrade to version 12.0.0 or later.
Evidence notes
Patch name: f32fda8b35e9fe9329f87da65c31149362a03f97.
Official resources
CVE-2026-11330 was published on 2026-06-05T14:16:35.457Z and modified on 2026-06-05T14:59:31.207Z.