CVE-2026-59706
CRITICAL
9.3
CVSS 3.1
Description
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.
Metadata
Severity & Metrics
9.3
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| mem0 | mem0 | — | 0 ≤ a3154d5 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-306 | cna | Missing Authentication for Critical Function |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.3 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| 9.2 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N |
References (4)
- GitHub Issue https://github.com/mem0ai/mem0/issues/6081
- Product https://github.com/mem0ai/mem0
- https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514
- https://www.vulncheck.com/advisories/mem0-server-side-request-forgery-and-plaintext-api-key-exposure-via-unauthenticated-config-endpoints