Authentication and Authorization Flaw in mem0 Memory Management API
CVE-2026-31240
7.5 HIGH
What is CVE-2026-31240?
The mem0 1.0.0 server exposes its memory management API endpoints without authentication or authorization controls. Sensitive operations such as updating a memory record (PUT /memories/{memory_id}) accept requests from unauthenticated callers, so anyone who can reach the server can modify, overwrite, or delete arbitrary memory records, regardless of which user created them. The impact is loss of integrity and availability of stored memories (data manipulation and potential data loss). Users should apply the available patches and, until they do, make sure the server is not reachable except through a layer that authenticates callers.
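The shape of the flaw, and of the fix, as an added illustration that is not mem0's code: a memory-update handler that trusts the path and body with no identity check, beside a hardened version that requires a valid bearer token and only lets a caller modify records they own. The request model, the `Authorization: Bearer <key>` scheme, the API-key table, and the per-user ownership field are assumptions made for this example, not details of the mem0 API.

```python
"""Added example (not mem0's code): an unauthenticated memory-update
handler next to a hardened one. Everything here is constructed."""
import copy
import hmac
from dataclasses import dataclass, field

# Constructed sample data (assumption): API key -> user_id, and a memory
# store in which every record carries the id of the user who owns it.
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}
SAMPLE_MEMORIES = {
    "m-1": {"user_id": "alice", "text": "alice's note"},
    "m-2": {"user_id": "bob", "text": "bob's note"},
}


def fresh_store():
    """Independent copy of the sample store so each call starts clean."""
    return copy.deepcopy(SAMPLE_MEMORIES)


@dataclass
class Request:
    method: str
    path: str                       # e.g. "/memories/m-2"
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: dict


def memory_id_from_path(path):
    """Last path segment of /memories/{memory_id}."""
    return path.rstrip("/").rsplit("/", 1)[-1]


def update_memory_unauthenticated(req, store):
    """Vulnerable shape: whoever can send a PUT can rewrite any record.
    No caller identity is established and ownership is never checked."""
    memory_id = memory_id_from_path(req.path)
    if memory_id not in store:
        return Response(404, {"error": "not found"})
    store[memory_id]["text"] = req.body.get("text", "")
    return Response(200, store[memory_id])


def authenticate(req, api_keys):
    """Map a bearer token to a user_id, or None if missing/invalid.
    compare_digest avoids leaking the key through timing differences."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    for token, user_id in api_keys.items():
        if hmac.compare_digest(presented, token):
            return user_id
    return None


def update_memory_hardened(req, store, api_keys):
    """Hardened shape: authenticate first, then authorize by ownership."""
    user_id = authenticate(req, api_keys)
    if user_id is None:
        return Response(401, {"error": "unauthorized"})
    memory_id = memory_id_from_path(req.path)
    record = store.get(memory_id)
    # A record owned by someone else is reported exactly like a missing one,
    # so the endpoint does not confirm which memory_ids exist (assumption:
    # IDs are meant to be opaque to other tenants).
    if record is None or record["user_id"] != user_id:
        return Response(404, {"error": "not found"})
    record["text"] = req.body.get("text", "")
    return Response(200, record)


def accepts_unauthenticated_write(handler):
    """Quick check of a handler: does a PUT with no credentials succeed?
    `handler` takes (Request, store) and returns a Response."""
    probe = Request("PUT", "/memories/m-2", body={"text": "overwritten"})
    return handler(probe, fresh_store()).status == 200


if __name__ == "__main__":
    vuln = accepts_unauthenticated_write(update_memory_unauthenticated)
    fixed = accepts_unauthenticated_write(
        lambda r, s: update_memory_hardened(r, s, API_KEYS))
    print("unauthenticated handler accepts anonymous write:", vuln)
    print("hardened handler accepts anonymous write:", fixed)
```

The probe at the bottom is the check a practitioner would run against any exposed write endpoint: send the request with no credentials and see whether it is honoured. The hardened handler also shows the second half of the fix, which is easy to forget once authentication is added: a valid key must not be enough on its own, the caller must also own the record being modified.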
