Back to CVE List

CVE-2026-31244

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Vulnerability Description

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated DELETE requests to remove any memory entry from the database, leading to unauthorized data loss and potential denial of service.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-306
Source
NVD
Vendor
mem0
Product
mem0

External References

Discussion (0)

Add Comment

No comments yet. Be the first!