CVE-2026-2970

low

Description

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/?submit.755363

https://vuldb.com/?id.347337

https://vuldb.com/?ctiid.347337

https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md#poc

https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md

Details

Source: Mitre, NVD

Published: 2026-02-23

Updated: 2026-02-23

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:A/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.1

Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low