mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
Metrics
Affected Vendors & Products
References
History
Tue, 07 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mem0
Mem0 mem0 |
|
| Vendors & Products |
Mem0
Mem0 mem0 |
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users. | |
| Title | mem0 - OpenMemory API Unauthenticated Access via Memory Endpoints | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-07T22:11:25.795Z
Reserved: 2026-07-06T15:31:46.187Z
Link: CVE-2026-59705
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T04:15:04Z