Mem0 Memory Management Service Unauthenticated Memory Reset Vulnerability

Vulnerability

A vulnerability in the Mem0 server version 1.0.0 allows for unauthorized memory reset and table re-creation actions. The issue arises from the absence of authentication and authorization controls on the DELETE /memories endpoint. This flaw enables an unauthenticated attacker to send a DELETE request that initiates a memory reset, which in turn executes a CREATE TABLE SQL command. The consequences include unexpected table re-creation, disruption of the database schema, potential data loss, and a denial-of-service condition for the memory management service.

Impact

Exploitation of this vulnerability leads to unauthorized memory resets, disruptive table re-creations, potential data loss, and a denial-of-service condition for the memory management service.

Added: May 12, 2026, 6:23 PM

Updated: May 12, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

0.0

relevance

8.1

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

0.0

relevance

8.1

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mem0 Memory Management Service Unauthenticated Memory Reset Vulnerability

Vulnerability

Impact

Affected Products

mem0ai mem0

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating