CVEFinder.io

CVE-2026-31240

⚠️ high
🔍 Scan for this CVE
Summary

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit this by sending unauthenticated requests to modify, overwrite, or delete arbitrary memory records, leading to unauthorized data manipulation and potential data loss.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 328,009 vulnerabilities in our database.

#101,817
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 14, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE IDs (Weakness Types)
CWE-306

📦 Affected Products 0

No affected products information available

🔗 References 2

https://github.com/mem0ai/mem0
https://www.notion.so/CVE-2026-31240-35d1e1393188817...