LOW
AkariAsai
CVE published 2026-07-13
CVE-2026-15535
A vulnerability was found in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. The issue affects the function Indexer.deserialize_from in retrieval_lm/src/index.py. Manipulation of index_meta.faiss can lead to deserialization. The attack may be launched remotely. Public exploit disclosed. Users of AkariAsai self-rag should review their deployments and apply mitigations as necessary. This [truncated]