PatchSiren

EverMind-AI CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH EverMind-AI CVE published 2026-07-10

CVE-2026-58499

CVE-2026-58499 is a high-severity path traversal vulnerability in EverOS, a memory runtime for agents. The vulnerability exists in the POST /api/v1/memory/add ingestion endpoint due to insufficient validation of the sender_id field, allowing an unauthenticated attacker to create or overwrite .md files outside the configured memory root. This issue is fixed in version 1.0.1. Users of EverOS, especially tho [truncated]