CVE-2026-59706

mem0 · mem0

Unauthenticated configuration endpoints in mem0 expose plaintext API keys and allow for server-side request forgery (SSRF) attacks against internal services.

Executive summary

Critical vulnerabilities in mem0 configuration endpoints allow unauthenticated attackers to steal sensitive API keys and perform unauthorized internal network requests.

Vulnerability

The application exposes configuration API endpoints without authentication, enabling attackers to retrieve plaintext secrets and manipulate parameters like ollama_base_url to trigger SSRF attacks.

Business impact

With a CVSS score of 9.3, this vulnerability poses a severe threat to both infrastructure and third-party service security. Exposure of LLM API keys can lead to significant financial costs and data misuse, while the SSRF capability allows attackers to probe internal network resources that are otherwise shielded from the internet.

Remediation

Immediate Action: Update to the latest version of mem0 to implement mandatory authentication for configuration endpoints.

Proactive Monitoring: Monitor API access logs for requests to /api/v1/config/ and audit outgoing traffic from the server to detect anomalous SSRF attempts against internal metadata or management services.

Compensating Controls: Implement network segmentation to isolate the mem0 server and restrict its ability to reach sensitive internal services or cloud metadata endpoints.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The exposure of plaintext secrets combined with the ability to perform SSRF makes this a critical security concern. Users must apply the latest updates immediately to protect sensitive credentials and prevent the exploitation of internal network resources.