Skip to main content

mem0 OpenMemory CVE-2026-59705

| EUVDEUVD-2026-42126 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-07-07 VulnCheck GHSA-xgj7-grxr-prrp
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.8 CRITICAL

Missing authentication on network-reachable endpoints gives AV:N/AC:L/PR:N/UI:N; arbitrary read/write/delete and global pause yield C:H/I:H/A:H with unchanged scope.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 23:20 vuln.today

DescriptionCVE.org

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.

AnalysisAI

Unauthenticated data theft, tampering, and denial-of-service affects mem0's OpenMemory API server (openmemory/api component), where several API routers are mounted without any authentication middleware. Because CVSS 4.0 vector shows PR:N and CWE-306 (Missing Authentication for a Critical Function), remote attackers can pass arbitrary user_id values to read, overwrite, or delete any user's stored memories, and can trigger a global pause to break the service for everyone. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate exposed OpenMemory API
Delivery
Send unauthenticated request to memory endpoint
Exploit
Supply arbitrary user_id or set global_pause=true
Execution
Read/modify/delete victim memories or halt service
Impact
Sensitive data disclosure and DoS

Vulnerability AssessmentAI

Exploitation The attacker only needs network reachability to the OpenMemory API server (openmemory/api); consistent with AV:N/AC:L/PR:N/UI:N there is no authentication, no user interaction, and no special client configuration required against a default deployment where the API is network-exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to genuinely high risk rather than an inflated CVSS score: the CVSS 4.0 base is 9.3 with AV:N/AC:L/AT:N/PR:N/UI:N and full high impact to confidentiality, integrity, and availability (VC:H/VI:H/VA:H), meaning no authentication, no user interaction, and low complexity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach a self-hosted OpenMemory API instance sends unauthenticated HTTP requests to the memory endpoints, iterating or guessing user_id values to dump, modify, or delete other users' stored memories containing private conversational data. In a second scenario the attacker issues a single request to the pause endpoint with global_pause=true, halting memory operations for every user of the instance. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - apply the vendor fix from commit https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514 by upgrading to a build that includes it and consult https://github.com/mem0ai/mem0/issues/6080 and the VulnCheck advisory (https://www.vulncheck.com/advisories/mem0-openmemory-api-unauthenticated-access-via-memory-endpoints) to confirm the exact release tag. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all mem0 OpenMemory API deployments; obtain and apply available vendor patch to openmemory/api component across all instances. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59705 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy