VYPR
High severity7.5NVD Advisory· Published May 12, 2026· Updated May 14, 2026

CVE-2026-31240

CVE-2026-31240

Description

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit this by sending unauthenticated requests to modify, overwrite, or delete arbitrary memory records, leading to unauthorized data manipulation and potential data loss.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mem0aiPyPI
<= 1.0.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.