Filtered by vendor Mem0
Subscriptions
Filtered by product Mem0
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31245 | 2 Mem0, Mem0ai | 2 Mem0, Mem0 | 2026-05-14 | 5.3 Medium |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated POST requests to create malicious or spoofed memory entries in the database, leading to unauthorized data injection and potential data pollution. | ||||
| CVE-2026-31244 | 2 Mem0, Mem0ai | 2 Mem0, Mem0 | 2026-05-14 | 6.5 Medium |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated DELETE requests to remove any memory entry from the database, leading to unauthorized data loss and potential denial of service. | ||||
| CVE-2026-31243 | 2 Mem0, Mem0ai | 2 Mem0, Mem0 | 2026-05-14 | 6.5 Medium |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service. | ||||
| CVE-2026-31242 | 2 Mem0, Mem0ai | 2 Mem0, Mem0 | 2026-05-14 | 9.1 Critical |
| The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. This results in the deletion of the entire memory database table, causing catastrophic data loss and a complete denial of service for all users of the service. | ||||
| CVE-2026-31241 | 2 Mem0, Mem0ai | 2 Mem0, Mem0 | 2026-05-14 | 6.5 Medium |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g., user_id, run_id, agent_id) in the request query parameters. A remote attacker can exploit this by sending unauthenticated DELETE requests to erase memory data for any user, leading to unauthorized data loss and denial of service. | ||||
Page 1 of 1.