Mem0 Memory Deletion API Unauthenticated Access Vulnerability

Vulnerability

A vulnerability exists in the Mem0 server version 1.0.0, specifically within the memory deletion API endpoint (DELETE /memories/{memory_id}). The server lacks proper authentication and authorization controls, allowing unauthenticated users to delete any memory record from the database. This oversight can lead to unauthorized data loss and potential denial-of-service conditions.

Impact

Exploitation of this vulnerability allows for arbitrary deletion of memory records, causing unauthorized data loss. Additionally, this could disrupt service availability, especially if critical memory entries are removed.
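The two controls the endpoint lacks, authentication of the caller and an ownership check on the record, are sketched below as an added example; it is not Mem0's code. The key store, record layout and function names are hypothetical and the data is constructed.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data (assumption, not Mem0's schema): API-key digests
# mapped to user ids, and memory records mapped to their owners.
def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

API_KEYS = {_digest("alice-key"): "alice", _digest("bob-key"): "bob"}
MEMORIES = {"m1": {"owner": "alice", "text": "note A"},
            "m2": {"owner": "bob", "text": "note B"}}


def authenticate(headers: dict) -> Optional[str]:
    """Return the user id for a valid 'Authorization: Bearer <key>' header."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    presented = _digest(token)
    user = None
    # Compare against every stored digest in constant time.
    for stored, uid in API_KEYS.items():
        if hmac.compare_digest(stored, presented):
            user = uid
    return user


def delete_memory(memory_id: str, headers: dict) -> int:
    """Handle DELETE /memories/{memory_id}; returns an HTTP status code."""
    user = authenticate(headers)
    if user is None:
        return 401  # authentication: no valid credential, nothing is touched
    record = MEMORIES.get(memory_id)
    # Authorization: a caller may delete only records they own. Missing and
    # foreign records both return 404 so record ids cannot be enumerated.
    if record is None or record["owner"] != user:
        return 404
    del MEMORIES[memory_id]
    return 204
```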

Added: May 12, 2026, 6:23 PM
Updated: May 12, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 8.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.