Mem0 Memory Reset Functionality Vulnerability Leading to Data Loss and Denial-of-Service

Vulnerability

Mem0 server version 1.0.0 allows unauthorized memory resets through the DELETE /memories endpoint. The server lacks proper authentication and authorization, so an unauthenticated attacker can send a DELETE request that triggers the reset operation. The reset executes a DROP TABLE SQL statement, which deletes the entire memory database table. The consequence is significant data loss and a complete denial-of-service for all users of the service.
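
One way to add the missing checks, as an added example that is not Mem0's own code: a hypothetical DELETE /memories handler that answers 401 without a valid bearer token and 403 for non-admin callers before any reset runs. The token table, role names, table schema and the choice to clear rows with DELETE FROM rather than drop the table are assumptions of this example.

```python
import hmac
import sqlite3

# Constructed sample credentials: token -> role. A real deployment would use
# its own identity provider; these names are assumptions for the example.
TOKENS = {"admin-token-example": "admin", "user-token-example": "user"}


def role_for(headers):
    """Return the caller's role, or None when no valid bearer token is sent."""
    auth = headers.get("Authorization", "")
    scheme, _, presented = auth.partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return None
    for token, role in TOKENS.items():
        # Constant-time comparison avoids leaking token prefixes via timing.
        if hmac.compare_digest(presented.encode(), token.encode()):
            return role
    return None


def handle_delete_memories(conn, headers):
    """Hypothetical handler for DELETE /memories with the missing checks added."""
    role = role_for(headers)
    if role is None:
        return 401  # authentication: anonymous callers never reach the reset
    if role != "admin":
        return 403  # authorization: ordinary users cannot wipe shared data
    with conn:  # transaction: commit on success, roll back on error
        conn.execute("DELETE FROM memories")  # clear rows, keep the table
    return 204


def make_db():
    """Build a constructed in-memory table standing in for the memory store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE memories (id INTEGER PRIMARY KEY, text TEXT)")
    conn.executemany("INSERT INTO memories (text) VALUES (?)", [("a",), ("b",)])
    conn.commit()
    return conn


def count(conn):
    """Number of rows left in the memories table."""
    return conn.execute("SELECT COUNT(*) FROM memories").fetchone()[0]
```

Logging every 401 and 403 on this route gives defenders a signal that someone is probing the reset endpoint.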

Impact

Exploitation of this vulnerability results in the unauthorized deletion of the memory database table, causing severe data loss and a total denial-of-service for all users.

Added: May 12, 2026, 6:24 PM
Updated: May 12, 2026, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 8.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.