Authorization Flaw in mem0 Server by mem0 AI
CVE-2026-31244
6.5MEDIUM
What is CVE-2026-31244?
The mem0 1.0.0 server has a significant flaw in its memory deletion API endpoint (DELETE /memories/{memory_id}), which lacks proper authentication and authorization mechanisms. This oversight allows unauthorized users to send DELETE requests without verifying their identity. As a result, an attacker can exploit this vulnerability to remove critical memory records from the database, potentially leading to serious data loss and a denial of service. It is essential for users of this product to implement immediate security measures to safeguard against unauthorized data manipulation.
