Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit this by sending unauthenticated requests to modify, overwrite, or delete arbitrary memory records, leading to unauthorized data manipulation and potential data loss.
AnalysisAI
Unauthenticated remote attackers can modify or delete arbitrary memory records in mem0 1.0.0 server by directly calling unprotected API endpoints including PUT /memories/{memory_id}. The vulnerability stems from complete absence of authentication and authorization controls on critical memory management functions, allowing data manipulation and loss without any verification of requester identity. EPSS score of 0.06% (18th percentile) indicates low exploitation probability in the wild, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Technical ContextAI
Mem0 is an AI memory management server that provides API endpoints for storing and managing memory records. The vulnerability is rooted in CWE-306 (Missing Authentication for Critical Function), where the server exposes RESTful API endpoints-specifically PUT /memories/{memory_id} and likely related GET, POST, and DELETE endpoints-without implementing any authentication middleware or authorization checks. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms network-accessible endpoints with no authentication requirement (PR:N) and low attack complexity. This design flaw allows any network-accessible client to perform CRUD operations on the memory database without presenting credentials, violating fundamental API security principles. The integrity-only impact (I:H) with no confidentiality or availability impact in CVSS suggests the primary risk is unauthorized modification rather than data exfiltration or service disruption, though description mentions potential data loss through deletion operations.
RemediationAI
Upgrade to a patched version of mem0 beyond 1.0.0 when released by the vendor; monitor the GitHub repository at https://github.com/mem0ai/mem0 for security updates and release announcements. No vendor advisory with specific fix version has been published at time of analysis, so patched version number cannot be confirmed. Until a patch is available, implement network-level access controls: restrict mem0 API endpoints to trusted internal networks only using firewall rules or network segmentation, blocking external access to TCP ports used by the server (typically 8080 or configured port). Deploy a reverse proxy with authentication middleware (such as nginx with HTTP Basic Auth, OAuth2 Proxy, or API gateway with token validation) in front of the mem0 server to enforce authentication before requests reach vulnerable endpoints-this adds latency and operational complexity but provides immediate protection. Alternatively, bind mem0 server to localhost interface only (127.0.0.1) and require all access through authenticated application layers, though this prevents legitimate distributed deployments. Monitor server access logs for unexpected PUT/DELETE requests to /memories/* endpoints as potential exploitation attempts. Each workaround trades deployment flexibility or performance for security-choose based on operational requirements and threat model.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29563
GHSA-jfv9-68m5-gjjr