CVE-2026-2970

23.02.2026, 05:16

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.6 MEDIUM	ADJACENT_NETWORK	HIGH	LOW	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	4.6 MEDIUM				CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md

https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md#poc

https://vuldb.com/?ctiid.347337

https://vuldb.com/?id.347337

https://vuldb.com/?submit.755363