Skip to main content

Mem0

7 CVEs product

Monthly

CVE-2026-59705 CRITICAL PATCH Act Now

Unauthenticated data theft, tampering, and denial-of-service affects mem0's OpenMemory API server (openmemory/api component), where several API routers are mounted without any authentication middleware. Because CVSS 4.0 vector shows PR:N and CWE-306 (Missing Authentication for a Critical Function), remote attackers can pass arbitrary user_id values to read, overwrite, or delete any user's stored memories, and can trigger a global pause to break the service for everyone. Reported by VulnCheck with a vendor patch commit available; no public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Mem0
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-59706 CRITICAL PATCH Act Now

Sensitive information disclosure and server-side request forgery in mem0's self-hosted server let unauthenticated remote attackers steal stored LLM provider credentials and pivot into internal infrastructure. Because the /api/v1/config/ endpoints require no authentication (CWE-306), an attacker can GET plaintext secrets such as OpenAI API keys and PUT a malicious ollama_base_url to coerce the server into requesting internal-only addresses like cloud instance metadata (IMDS). CVSS 4.0 rates this 9.2 (Critical); there is no public exploit identified at time of analysis, but the attack is trivial and reported by VulnCheck.

Authentication Bypass SSRF Mem0
NVD GitHub
CVSS 4.0
9.2
EPSS
0.3%
CVE-2026-49948 HIGH POC PATCH This Week

Authorization bypass in Mem0 self-hosted server versions through 0.2.8 allows any authenticated holder of a distributed API key to overwrite the global LLM and embedder configuration via the POST /configure endpoint, redirecting all model traffic to an attacker-controlled server. The malicious configuration is persisted to PostgreSQL and survives restarts, affecting every user and API key on the instance. Publicly available exploit code exists and a vendor patch has been released in commit ae7f406.

Authentication Bypass PostgreSQL Mem0
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-31245 PyPI MEDIUM This Month

mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject arbitrary memory records without identity verification or authorization checks. This authentication bypass enables data pollution and unauthorized modification of the memory database with spoofed entries. EPSS exploitation probability is low (0.05th percentile), and no active exploitation has been confirmed, but the vulnerability is automatable and affects default configurations.

Authentication Bypass Mem0
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-31244 MEDIUM This Month

{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.

Authentication Bypass Denial Of Service Mem0
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31243 MEDIUM This Month

mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.

Authentication Bypass Denial Of Service Mem0
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7597 PyPI LOW POC PATCH Monitor

Unsafe pickle deserialization in mem0 up to version 1.0.11 allows authenticated remote attackers to execute arbitrary code via manipulation of the faiss.py vector store module. The vulnerability affects the pickle.load/pickle.dump functions used to serialize docstore data, enabling code execution with moderate impact (confidentiality, integrity, availability). Public exploit code is available, and vendor has released a patched version.

Deserialization Mem0
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Unauthenticated data theft, tampering, and denial-of-service affects mem0's OpenMemory API server (openmemory/api component), where several API routers are mounted without any authentication middleware. Because CVSS 4.0 vector shows PR:N and CWE-306 (Missing Authentication for a Critical Function), remote attackers can pass arbitrary user_id values to read, overwrite, or delete any user's stored memories, and can trigger a global pause to break the service for everyone. Reported by VulnCheck with a vendor patch commit available; no public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Mem0
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Sensitive information disclosure and server-side request forgery in mem0's self-hosted server let unauthenticated remote attackers steal stored LLM provider credentials and pivot into internal infrastructure. Because the /api/v1/config/ endpoints require no authentication (CWE-306), an attacker can GET plaintext secrets such as OpenAI API keys and PUT a malicious ollama_base_url to coerce the server into requesting internal-only addresses like cloud instance metadata (IMDS). CVSS 4.0 rates this 9.2 (Critical); there is no public exploit identified at time of analysis, but the attack is trivial and reported by VulnCheck.

Authentication Bypass SSRF Mem0
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Authorization bypass in Mem0 self-hosted server versions through 0.2.8 allows any authenticated holder of a distributed API key to overwrite the global LLM and embedder configuration via the POST /configure endpoint, redirecting all model traffic to an attacker-controlled server. The malicious configuration is persisted to PostgreSQL and survives restarts, affecting every user and API key on the instance. Publicly available exploit code exists and a vendor patch has been released in commit ae7f406.

Authentication Bypass PostgreSQL Mem0
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject arbitrary memory records without identity verification or authorization checks. This authentication bypass enables data pollution and unauthorized modification of the memory database with spoofed entries. EPSS exploitation probability is low (0.05th percentile), and no active exploitation has been confirmed, but the vulnerability is automatable and affects default configurations.

Authentication Bypass Mem0
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.

Authentication Bypass Denial Of Service Mem0
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.

Authentication Bypass Denial Of Service Mem0
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Unsafe pickle deserialization in mem0 up to version 1.0.11 allows authenticated remote attackers to execute arbitrary code via manipulation of the faiss.py vector store module. The vulnerability affects the pickle.load/pickle.dump functions used to serialize docstore data, enabling code execution with moderate impact (confidentiality, integrity, availability). Public exploit code is available, and vendor has released a patched version.

Deserialization Mem0
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy