Skip to main content

mem0 CVE-2026-59706

| EUVDEUVD-2026-42106 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-07-07 VulnCheck GHSA-225m-p565-9h68
9.2
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.3 CRITICAL

Unauthenticated remote endpoint (PR:N/AC:L) leaks API keys (C:H) and SSRF reaches internal systems, changing scope (S:C); config write gives limited integrity impact (I:L).

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 22:00 vuln.today

DescriptionCVE.org

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

AnalysisAI

Sensitive information disclosure and server-side request forgery in mem0's self-hosted server let unauthenticated remote attackers steal stored LLM provider credentials and pivot into internal infrastructure. Because the /api/v1/config/ endpoints require no authentication (CWE-306), an attacker can GET plaintext secrets such as OpenAI API keys and PUT a malicious ollama_base_url to coerce the server into requesting internal-only addresses like cloud instance metadata (IMDS). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover exposed mem0 config API
Delivery
GET /api/v1/config/ to read plaintext keys
Exploit
PUT ollama_base_url to internal IMDS
Execution
Server issues SSRF request
Impact
Harvest credentials and pivot internally

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to the mem0 server's config API - no authentication, no user interaction, and default configuration per PR:N/UI:N/AC:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine high priority, not an inflated CVSS number. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet-exposed mem0 server sends GET /api/v1/config/ and receives the stored OpenAI (or other provider) API key in plaintext, then reuses it to run up charges or access the victim's LLM account. In a cloud deployment, the attacker instead sends PUT /api/v1/config/mem0/llm setting ollama_base_url to http://169.254.169.254/latest/meta-data/, causing the server to fetch instance metadata and potentially leak cloud credentials. …
Remediation Upstream fix available (PR/commit); a released patched version is not independently confirmed from the available data - apply the vendor fix in commit a3154d59e52386d4e1189c1f5f44819868f76514 (https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514) by upgrading to a build that includes it, and consult the VulnCheck advisory and issue #6081 for guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Search mem0 access logs for requests to /api/v1/config/ endpoints to identify unauthorized access; isolate affected servers if evidence of compromise is found. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy