CVE-2026-31245

Source
https://cve.org/CVERecord?id=CVE-2026-31245
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31245.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31245
Aliases
Published
2026-05-12T00:00:00Z
Modified
2026-07-08T08:00:05.607167874Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated POST requests to create malicious or spoofed memory entries in the database, leading to unauthorized data injection and potential data pollution.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31245.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/mem0ai/mem0

Affected ranges

Type
GIT
Repo
https://github.com/mem0ai/mem0
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:mem0:mem0:1.0.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.0.0"
        }
    ]
}

Affected versions

1.*
1.0.0
v1.*
v1.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31245.json"