CVE-2026-31244
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Description
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated DELETE requests to remove any memory entry from the database, leading to unauthorized data loss and potential denial of service.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-306
Source
NVD
Vendor
mem0
Product
mem0
Discussion (0)
Add Comment
No comments yet. Be the first!