PatchSiren

AkariAsai CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW AkariAsai CVE published 2026-07-13

CVE-2026-15535

A vulnerability was found in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. The issue affects the function Indexer.deserialize_from in retrieval_lm/src/index.py. Manipulation of index_meta.faiss can lead to deserialization. The attack may be launched remotely. Public exploit disclosed. Users of AkariAsai self-rag should review their deployments and apply mitigations as necessary. This [truncated]