Memory Management Service Vulnerability in mem0 Server by mem0ai
CVE-2026-31243

6.5 MEDIUM

Key Information:

Vendor

mem0ai

Status
Vendor
CVE Published:
12 May 2026

What is CVE-2026-31243?

The mem0 server version 1.0.0 is vulnerable because its memory reset and table re-creation functionality lacks adequate authentication and authorization controls. An unauthenticated attacker can send a DELETE request to the /memories endpoint, which triggers a reset operation that executes a CREATE TABLE SQL statement. This can result in unintended table re-creation, disrupt the database schema, compromise data integrity, and even lead to denial of service within the memory management service.
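To check whether the request described above has already reached a deployment, the following added example (not code from mem0 or from this advisory) scans access logs for successful DELETE requests to /memories that carry no authenticated user. It assumes a reverse proxy in front of the server writes Combined Log Format with the authenticated user in the third field; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: host ident authuser [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - alice [12/May/2026:09:14:02 +0000] "GET /memories HTTP/1.1" 200 512
198.51.100.7 - - [12/May/2026:09:15:40 +0000] "DELETE /memories?k=v HTTP/1.1" 200 43
192.0.2.10 - alice [12/May/2026:09:16:11 +0000] "DELETE /memories HTTP/1.1" 200 43
203.0.113.5 - - [12/May/2026:09:17:29 +0000] "DELETE /memories HTTP/1.1" 401 27
198.51.100.7 - - [12/May/2026:09:18:03 +0000] "DELETE /memories/ HTTP/1.1" 200 43
203.0.113.5 - - [12/May/2026:09:19:55 +0000] "DELETE /memories/abc123 HTTP/1.1" 200 43
not a log line
"""


def find_unauthenticated_resets(log_text, endpoint="/memories"):
    """Return (time, host, target) for each successful, unauthenticated
    DELETE on the collection endpoint itself (hypothetical helper)."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Drop the query string and a trailing slash before comparing,
        # so /memories?k=v and /memories/ count as the same endpoint.
        path = urlsplit(m["target"]).path.rstrip("/") or "/"
        if (
            m["method"] == "DELETE"
            and path == endpoint            # sub-resources are not the reset
            and m["user"] == "-"            # no authenticated identity logged
            and int(m["status"]) < 400      # the server accepted the request
        ):
            hits.append((m["time"], m["host"], m["target"]))
    return hits


if __name__ == "__main__":
    for when, host, target in find_unauthenticated_resets(SAMPLE_LOG):
        print(f"{when}  {host}  DELETE {target}")
```
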

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
