Back to overview

CVE-2026-59706

CRITICAL
9.3
CVSS 3.1
Description
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

Metadata

CVE ID
CVE-2026-59706
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-07-06 15:31 UTC
Published
2026-07-07 21:02 UTC
Last updated
2026-07-07 21:02 UTC
Primary CWE
CWE-306
Missing Authentication for Critical Function
Vendor / Product
mem0 / mem0
Sources
cve.org  ·  NVD

Severity & Metrics

9.3 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
mem0 mem0 0 ≤ a3154d5
Weakness (CWE)
CWESourceDescription
CWE-306 cna Missing Authentication for Critical Function
CVSS scores (2)
ScoreSeverityVersionSourceVector
9.3 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
9.2 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Back to overview