Mem0 Authentication Bypass Vulnerability in Memory Deletion API Endpoint
Vulnerability
A vulnerability exists in the Mem0 server version 1.0.0, where the memory deletion API endpoint lacks proper authentication and authorization controls. This flaw allows unauthenticated users to delete memory records by specifying arbitrary user identifiers in the request query parameters. As a result, a remote attacker could exploit this vulnerability to erase memory data for any user, causing unauthorized data loss and potential denial-of-service.
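The flaw described above, reduced to a handler that trusts the user identifier in the query string, next to a hardened handler that authenticates the caller and only deletes the caller's own records. This is an added example, not Mem0 code: the path `/example-delete-endpoint`, the `user_id` parameter name, the token table and the in-memory store are all constructed assumptions.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: bearer token -> user id, and a per-user memory store.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}

def new_store():
    return {"alice": ["likes tea"], "bob": ["lives in Oslo"]}

def authenticate(headers):
    """Return the user id bound to the bearer token, or None if absent/unknown."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    for known, user in TOKENS.items():
        # Constant-time comparison avoids leaking token bytes through timing.
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None

def delete_vulnerable(url, headers, store):
    """The flaw as described: no credential check, target taken from the query."""
    user_id = parse_qs(urlsplit(url).query).get("user_id", [None])[0]
    store.pop(user_id, None)
    return 200

def delete_hardened(url, headers, store):
    """Authenticate the caller, then allow deletion of the caller's records only."""
    caller = authenticate(headers)
    if caller is None:
        return 401                      # no valid credential
    targets = parse_qs(urlsplit(url).query).get("user_id", [])
    if len(targets) != 1:
        return 400                      # missing or repeated parameter is ambiguous
    if targets[0] != caller:
        return 403                      # authenticated, but not the record owner
    store.pop(caller, None)
    return 204

if __name__ == "__main__":
    url = "/example-delete-endpoint?user_id=alice"   # placeholder path
    s = new_store(); print(delete_vulnerable(url, {}, s), s)
    s = new_store(); print(delete_hardened(url, {}, s), s)
    bob = {"Authorization": "Bearer tok-bob"}
    s = new_store(); print(delete_hardened(url, bob, s), s)
```

The hardened handler keeps authentication (401) and ownership (403) as separate decisions, which also gives logs a clear signal for cross-user deletion attempts.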
Impact
Exploitation of this vulnerability leads to unauthorized deletion of user memory data, causing data loss and disrupting service availability.
Added: May 12, 2026, 6:25 PM
Updated: May 12, 2026, 6:25 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 0.0
relevance: 8.1
threat: 3.2
urgency: 2.9
incentive: 4.2
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
