216.73.216.170

CVE-2026-59705

· Published 08/07/2026 01:16 · Author: The MITRE Corporation

Labels: CVE-2026-59705

Essential information

Published
08/07/2026 01:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
9.8 CRITICAL (v3.1) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CWE-306
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.

NVD status

NVD
View on NVD