Unauthenticated Access Vulnerability in mem0 OpenMemory API Component
CVE-2026-59705
9.3CRITICAL
What is CVE-2026-59705?
The mem0 OpenMemory API component exhibits an unauthenticated access vulnerability, enabling attackers to read, write, and delete arbitrary user memories. This flaw arises due to API routers being registered without necessary authentication middleware. Unsanctioned parties can exploit this flaw by tampering with user_id parameters or accessing unsecured memory retrieval endpoints, leading to exposure of sensitive user data. Additionally, malicious actors can trigger pause endpoints with global_pause=true, causing a denial-of-service for all users, severely impacting service availability.
Affected Version(s)
mem0 0
