CVE-2026-13511
VoltAgent Memory REST API memory.handlers.ts handleGetMemoryConversation improper authorization
CVSS Score
3.1
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
| CWE | CWE-285 CWE-266 |
| Vendor | n/a |
| Product | voltagent |
| Published | Jun 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a voltagent
Be the first to know when new low vulnerabilities affecting n/a voltagent are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / VoltAgent
2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.1.9 2.1.10 2.1.11 2.1.12 2.1.13 2.1.14 2.1.15 2.1.16 2.1.17
References
vuldb.com: https://vuldb.com/vuln/374519 vuldb.com: https://vuldb.com/vuln/374519/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13511 vuldb.com: https://vuldb.com/submit/838873 github.com: https://github.com/VoltAgent/voltagent/issues/1315 github.com: https://github.com/VoltAgent/voltagent/pull/1317 github.com: https://github.com/VoltAgent/voltagent/
Credits
๐ Dem000000 (VulDB User) VulDB CNA Team