Authorization Flaw in mem0 Server by mem0 AI
CVE-2026-31244

6.5MEDIUM

Key Information:

Vendor

mem0 AI

Vendor
CVE Published:
12 May 2026

What is CVE-2026-31244?

The mem0 1.0.0 server has a significant flaw in its memory deletion API endpoint (DELETE /memories/{memory_id}), which lacks proper authentication and authorization mechanisms. This oversight allows unauthorized users to send DELETE requests without verifying their identity. As a result, an attacker can exploit this vulnerability to remove critical memory records from the database, potentially leading to serious data loss and a denial of service. It is essential for users of this product to implement immediate security measures to safeguard against unauthorized data manipulation.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.