CVE-2026-31243: n/a
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service.
AI Analysis
Technical Summary
The mem0 1.0.0 server exposes a DELETE /memories endpoint that performs memory reset and table re-creation without enforcing authentication or authorization controls. An attacker can send an unauthenticated DELETE request to trigger a CREATE TABLE SQL command, which may lead to unexpected table re-creation, disruption of the database schema, potential data loss, and denial of service conditions affecting the memory management service. No CVSS score or patch information is currently provided, and the vulnerability is publicly disclosed as of May 12, 2026.
Potential Impact
An unauthenticated attacker can cause the mem0 server to reset memory and recreate database tables unexpectedly. This can disrupt the database schema, potentially result in data loss, and cause denial of service to the memory management functionality. There is no indication of remote code execution or privilege escalation beyond these impacts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the DELETE /memories endpoint through network controls or application-layer protections to prevent unauthenticated access. Monitor for unusual DELETE requests targeting this endpoint.
CVE-2026-31243: n/a
Description
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The mem0 1.0.0 server exposes a DELETE /memories endpoint that performs memory reset and table re-creation without enforcing authentication or authorization controls. An attacker can send an unauthenticated DELETE request to trigger a CREATE TABLE SQL command, which may lead to unexpected table re-creation, disruption of the database schema, potential data loss, and denial of service conditions affecting the memory management service. No CVSS score or patch information is currently provided, and the vulnerability is publicly disclosed as of May 12, 2026.
Potential Impact
An unauthenticated attacker can cause the mem0 server to reset memory and recreate database tables unexpectedly. This can disrupt the database schema, potentially result in data loss, and cause denial of service to the memory management functionality. There is no indication of remote code execution or privilege escalation beyond these impacts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the DELETE /memories endpoint through network controls or application-layer protections to prevent unauthenticated access. Monitor for unusual DELETE requests targeting this endpoint.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a036fc8cbff5d86100cc44c
Added to database: 5/12/2026, 6:22:00 PM
Last enriched: 5/12/2026, 6:43:16 PM
Last updated: 5/13/2026, 4:50:51 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.