High severity7.5NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-31240
CVE-2026-31240
Description
The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit this by sending unauthenticated requests to modify, overwrite, or delete arbitrary memory records, leading to unauthorized data manipulation and potential data loss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mem0aiPyPI | <= 1.0.0 | — |
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.