CVE-2026-31242 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: May 13, 2026
mem0 - Broken Access Control
Published: May 12, 2026 | Updated: May 13, 2026 | Remote Exploitable
Overview
mem0 v1.0.0 contains a broken access control vulnerability caused by a lack of authentication and authorization on the DELETE /memories endpoint, which lets unauthenticated attackers delete the entire memory database table. Exploitation requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Unauthenticated attackers can delete the entire memory database, causing catastrophic data loss and complete denial of service.
Mitigation
Update to the latest version, which has proper authentication and authorization controls on the DELETE /memories endpoint.
Details
- CVE ID: CVE-2026-31242
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_access_control
- Status: unconfirmed
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H