Mem0 Missing Authorization Vulnerability in Self-Hosted Server Component Allows Global Configuration Hijacking

Vulnerability

A missing authorization vulnerability has been identified in the self-hosted server component of Mem0, affecting versions through 0.2.8. The vulnerability exists in the POST /configure endpoint, which modifies the global LLM provider and embedder configurations. The endpoint only verifies authentication (a JWT or an X-API-Key header) and never validates the caller's role. As a result, any authenticated caller holding an issued API key can redirect all LLM and embedder traffic to an attacker-controlled server. The malicious configuration is persisted in PostgreSQL, survives server restarts, and affects all users and API keys on the instance.

Impact

Exploitation of this vulnerability allows for unauthorized modification of global LLM and embedder configurations, with the potential to exfiltrate user data and prompts to an attacker-controlled server. The impact is persistent, affecting all users and API keys on the instance.

Reproduction

To reproduce this vulnerability, submit a malicious configuration to the POST /configure endpoint using an API key: register an admin user, create a service API key, and then use that key to overwrite the global LLM configuration. Once the configuration is changed, all LLM traffic is redirected to the attacker-controlled server, where it can be verified that user prompts and data are being captured.

Remediation

The vulnerability has been fixed in Mem0 version 0.2.8. Users should upgrade to this version or later.
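The authorization gap described above, shown as an added example that is not Mem0's own code: a constructed configure handler that checks only authentication beside a hardened one that also checks the caller's role and records an audit entry. The API-key table, the Principal/GlobalConfig types and the role names are assumptions for illustration.

```python
from dataclasses import dataclass, field


class Unauthorized(Exception):
    """No valid credential was presented."""


class Forbidden(Exception):
    """Valid credential, but the caller's role may not perform this action."""


@dataclass
class Principal:
    subject: str
    role: str  # constructed roles: "admin" or "user"


@dataclass
class GlobalConfig:
    # Constructed stand-in for the instance-wide LLM/embedder settings
    llm: dict = field(default_factory=lambda: {"provider": "placeholder-provider"})
    audit: list = field(default_factory=list)


# Constructed API-key table standing in for the keys persisted by the server
API_KEYS = {
    "key-admin-0001": Principal("alice", "admin"),
    "key-service-0002": Principal("svc-reporting", "user"),
}


def authenticate(headers: dict) -> Principal:
    """Authentication only: resolves X-API-Key to a principal, nothing more."""
    principal = API_KEYS.get(headers.get("X-API-Key", ""))
    if principal is None:
        raise Unauthorized("missing or unknown API key")
    return principal


def configure_vulnerable(cfg: GlobalConfig, headers: dict, body: dict) -> dict:
    """Vulnerable pattern: the credential is checked, the caller's role is not."""
    authenticate(headers)
    cfg.llm = dict(body["llm"])  # any key holder can overwrite the global config
    return cfg.llm


def configure_fixed(cfg: GlobalConfig, headers: dict, body: dict) -> dict:
    """Hardened pattern: authenticate, then authorize on role, then audit the change."""
    principal = authenticate(headers)
    if principal.role != "admin":
        raise Forbidden(f"{principal.subject} may not change global configuration")
    cfg.llm = dict(body["llm"])
    cfg.audit.append({"actor": principal.subject, "action": "configure", "llm": cfg.llm})
    return cfg.llm
```

The audit entry is what a defender reviews to spot a changed provider endpoint; the role check is what keeps a non-admin key from making the change at all.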

Added: Jun 9, 2026, 4:24 PM
Updated: Jun 9, 2026, 4:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.