Unauthenticated Access Vulnerability in mem0 OpenMemory API Component
CVE-2026-59705

9.3CRITICAL

Key Information:

Vendor

Mem0

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-59705?

The mem0 OpenMemory API component exhibits an unauthenticated access vulnerability, enabling attackers to read, write, and delete arbitrary user memories. This flaw arises due to API routers being registered without necessary authentication middleware. Unsanctioned parties can exploit this flaw by tampering with user_id parameters or accessing unsecured memory retrieval endpoints, leading to exposure of sensitive user data. Additionally, malicious actors can trigger pause endpoints with global_pause=true, causing a denial-of-service for all users, severely impacting service availability.

Affected Version(s)

mem0 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Chen
.