PT-2026-40127 · Pypi · Mem0

Published: 2026-05-12 · Updated: 2026-05-12 · CVE-2026-31240

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: mem0 version 1.0.0

Description: The server lacks authentication and authorization controls for its memory management API endpoints. This allows a remote attacker to send unauthenticated requests to modify, overwrite, or delete arbitrary memory records, resulting in unauthorized data manipulation and potential data loss. The issue specifically affects the endpoint "PUT /memories/{memory id}" and the variable memory id.

Recommendations: Update mem0 version 1.0.0 to a newer version that implements proper authentication and authorization controls. As a temporary workaround, restrict access to the "PUT /memories/{memory id}" endpoint to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-31240
GHSA-JFV9-68M5-GJJR

Affected Products

Mem0