CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-59705 — mem0's openmemory/api component contains an unauthenticated access vulnerability...

·Source: NIST NVD

Updated:

Executive Summary

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints wit

Analysis

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users. CVSS Score: 9.8. Published: 2026-07-07T23:16:55.997.

Indicators of Compromise (1)

CVE (1)
CVE-2026-59705
Source Attribution

Originally published by NIST NVD on Jul 7, 2026. Verified by: NIST.

Related Threats