CVE-2026-31243: n/a
The mem0 1.0.0 server has a vulnerability where its DELETE /memories endpoint lacks authentication and authorization controls. This allows an unauthenticated attacker to trigger a memory reset operation that executes a CREATE TABLE SQL statement. The consequence can be unexpected table re-creation, disruption of the database schema, potential data loss, and denial of service for the memory management service. The vulnerability has a medium severity with a CVSS score of 6.5. No patch or official remediation guidance is currently available.
AI Analysis
Technical Summary
CVE-2026-31243 describes a vulnerability in mem0 1.0.0 where the DELETE /memories endpoint does not enforce authentication or authorization. An attacker can send an unauthenticated DELETE request to trigger a reset operation that executes a CREATE TABLE SQL command. This can lead to unintended table re-creation, schema disruption, data loss, and denial of service. The vulnerability relates to missing access controls (CWE-306) and improper authorization (CWE-862). No patch or vendor advisory has been published to date.
Potential Impact
An unauthenticated attacker can cause the mem0 server to reset memory by executing a CREATE TABLE SQL statement, potentially disrupting the database schema and causing data loss. This can also result in denial of service for the memory management service. There is no evidence of confidentiality impact. The overall impact is limited to integrity and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the DELETE /memories endpoint through network controls or other compensating measures to prevent unauthenticated access.
CVE-2026-31243: n/a
Description
The mem0 1.0.0 server has a vulnerability where its DELETE /memories endpoint lacks authentication and authorization controls. This allows an unauthenticated attacker to trigger a memory reset operation that executes a CREATE TABLE SQL statement. The consequence can be unexpected table re-creation, disruption of the database schema, potential data loss, and denial of service for the memory management service. The vulnerability has a medium severity with a CVSS score of 6.5. No patch or official remediation guidance is currently available.
CVSS v3.1
Score 6.5medium
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-31243 describes a vulnerability in mem0 1.0.0 where the DELETE /memories endpoint does not enforce authentication or authorization. An attacker can send an unauthenticated DELETE request to trigger a reset operation that executes a CREATE TABLE SQL command. This can lead to unintended table re-creation, schema disruption, data loss, and denial of service. The vulnerability relates to missing access controls (CWE-306) and improper authorization (CWE-862). No patch or vendor advisory has been published to date.
Potential Impact
An unauthenticated attacker can cause the mem0 server to reset memory by executing a CREATE TABLE SQL statement, potentially disrupting the database schema and causing data loss. This can also result in denial of service for the memory management service. There is no evidence of confidentiality impact. The overall impact is limited to integrity and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the DELETE /memories endpoint through network controls or other compensating measures to prevent unauthenticated access.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a036fc8cbff5d86100cc44c
Added to database: 05/12/2026, 18:22:00 UTC
Last enriched: 05/19/2026, 18:48:09 UTC
Last updated: 07/05/2026, 08:51:22 UTC
Views: 122
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.