AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-11330: A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObserv

lowvulnerability

security

Source: NVD/CVE DatabaseJune 5, 2026CVE-2026-11330

Summary

A weakness was found in thedotmack claude-mem software (up to version 11.0.1) where the computeObservationContentHash function uses weak hash functions (cryptographic methods that are easy to break). The vulnerability can only be exploited by someone with local access to the system, and it requires significant technical skill to carry out an attack.

Solution / Mitigation

Upgrading to version 12.0.0 is sufficient to fix this issue. The patch is identified as f32fda8b35e9fe9329f87da65c31149362a03f97.

Vulnerability Details

CVSS Score

3.6(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

local

Attack Complexity

high

Privileges Required

low

User Interaction

none

Disclosure Date

June 5, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-327 CWE-328

CAPEC (Attack Pattern)

CAPEC-20

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-11330

First tracked: June 5, 2026 at 02:08 PM

Classified by LLM (prompt v3) · confidence: 30%