Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Missing authentication on network-reachable endpoints gives AV:N/AC:L/PR:N/UI:N; arbitrary read/write/delete and global pause yield C:H/I:H/A:H with unchanged scope.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
AnalysisAI
Unauthenticated data theft, tampering, and denial-of-service affects mem0's OpenMemory API server (openmemory/api component), where several API routers are mounted without any authentication middleware. Because CVSS 4.0 vector shows PR:N and CWE-306 (Missing Authentication for a Critical Function), remote attackers can pass arbitrary user_id values to read, overwrite, or delete any user's stored memories, and can trigger a global pause to break the service for everyone. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker only needs network reachability to the OpenMemory API server (openmemory/api); consistent with AV:N/AC:L/PR:N/UI:N there is no authentication, no user interaction, and no special client configuration required against a default deployment where the API is network-exposed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to genuinely high risk rather than an inflated CVSS score: the CVSS 4.0 base is 9.3 with AV:N/AC:L/AT:N/PR:N/UI:N and full high impact to confidentiality, integrity, and availability (VC:H/VI:H/VA:H), meaning no authentication, no user interaction, and low complexity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach a self-hosted OpenMemory API instance sends unauthenticated HTTP requests to the memory endpoints, iterating or guessing user_id values to dump, modify, or delete other users' stored memories containing private conversational data. In a second scenario the attacker issues a single request to the pause endpoint with global_pause=true, halting memory operations for every user of the instance. … |
| Remediation | Upstream fix available (PR/commit); released patched version not independently confirmed - apply the vendor fix from commit https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514 by upgrading to a build that includes it and consult https://github.com/mem0ai/mem0/issues/6080 and the VulnCheck advisory (https://www.vulncheck.com/advisories/mem0-openmemory-api-unauthenticated-access-via-memory-endpoints) to confirm the exact release tag. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all mem0 OpenMemory API deployments; obtain and apply available vendor patch to openmemory/api component across all instances. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Authorization bypass in Mem0 self-hosted server versions through 0.2.8 allows any authenticated holder of a distributed
Sensitive information disclosure and server-side request forgery in mem0's self-hosted server let unauthenticated remote
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected
Unsafe pickle deserialization in mem0 up to version 1.0.11 allows authenticated remote attackers to execute arbitrary co
mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject a
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42126
GHSA-xgj7-grxr-prrp