Cyber Resilience

CVE-2026-2970

LowPublic PoC

Published: 23 February 2026

Published
23 February 2026
Modified
03 March 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 10.9th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2970 is a low-severity Improper Input Validation (CWE-20) vulnerability in Datapizza Datapizza Ai. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Data Processing Libraries; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-2970 is a deserialization vulnerability in the RedisCache function within the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py of the datapizza-labs datapizza-ai version 0.0.2. The issue falls under CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data), with a CVSS v3.1 base score of 4.6 (AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). It was published on 2026-02-23.

An adjacent network attacker (AV:A) with low privileges (PR:L) can exploit this vulnerability despite its high attack complexity (AC:H) and no requirement for user interaction (UI:N). Successful exploitation enables limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) within the unchanged scope (S:U), potentially allowing unauthorized data manipulation or minor disruptions through crafted deserialization payloads.

Advisories, including those on VulDB and a GitHub disclosure by hacktivesec, detail the vulnerability and provide a proof-of-concept exploit. The vendor was contacted early but has not responded or issued any patches or mitigations.

The exploit has been publicly disclosed and may be usable, though exploitation is considered difficult due to its complexity and network proximity requirements. No real-world exploitation in the wild has been reported.

EU & UK References

Vulnerability details

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated…

more

with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

AI Security AnalysisAI

AI Category
Data Processing Libraries
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Deserialization of untrusted data (CWE-502) in Redis cache component directly enables exploitation of the remote service; crafted payloads can lead to Python code execution or data manipulation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2969Same product: Datapizza Datapizza Ai
CVE-2026-28277Shared CWE-502
CVE-2026-2555Shared CWE-20, CWE-502
CVE-2026-49121Shared CWE-502
CVE-2024-14021Shared CWE-502
CVE-2025-56005Shared CWE-502
CVE-2025-62703Shared CWE-502
CVE-2026-41486Shared CWE-502
CVE-2025-0465Shared CWE-20, CWE-502
CVE-2026-35337Shared CWE-502

Affected Assets

datapizza
datapizza ai
0.0.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs before deserialization in RedisCache, blocking the crafted payloads that trigger CWE-502.

preventdetect

Enforces integrity checks on cached objects and code paths, detecting or rejecting malicious serialized data before it is loaded.

prevent

Restricts adjacent-network access to the Redis cache component, raising the bar for the AV:A attack vector described in the CVE.

References