PT-2026-40322 · Pypi · Mem0
Published 2026-05-12 · Updated 2026-05-12 · CVE-2026-31245
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
mem0 version 1.0.0
Description
The server lacks authentication and authorization controls for the memory creation API endpoint "POST /memories". This allows unauthenticated users to submit arbitrary memory records without identity or permission verification. A remote attacker can send unauthenticated POST requests to create malicious or spoofed memory entries in the database, resulting in unauthorized data injection and potential data pollution.
Recommendations
Update mem0 version 1.0.0 to a newer version that implements authentication and authorization for the "POST /memories" endpoint.
As a temporary workaround, restrict access to the "POST /memories" API endpoint to minimize the risk of exploitation.
Fix
Missing Authorization
Missing Authentication
Related Identifiers
Affected Products
Mem0