Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-31245 | 1 Mem0 | 1 Mem0 | 2026-05-14 | N/A | 5.3 MEDIUM |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated POST requests to create malicious or spoofed memory entries in the database, leading to unauthorized data injection and potential data pollution. | |||||
| CVE-2026-31244 | 1 Mem0 | 1 Mem0 | 2026-05-14 | N/A | 6.5 MEDIUM |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated DELETE requests to remove any memory entry from the database, leading to unauthorized data loss and potential denial of service. | |||||
| CVE-2026-31243 | 1 Mem0 | 1 Mem0 | 2026-05-14 | N/A | 6.5 MEDIUM |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service. | |||||
| CVE-2026-31242 | 1 Mem0 | 1 Mem0 | 2026-05-14 | N/A | 9.1 CRITICAL |
| The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. This results in the deletion of the entire memory database table, causing catastrophic data loss and a complete denial of service for all users of the service. | |||||
| CVE-2026-31241 | 1 Mem0 | 1 Mem0 | 2026-05-14 | N/A | 6.5 MEDIUM |
| The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g., user_id, run_id, agent_id) in the request query parameters. A remote attacker can exploit this by sending unauthenticated DELETE requests to erase memory data for any user, leading to unauthorized data loss and denial of service. | |||||