CVE-2026-59706
mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url
CVSS Score
9.3
EPSS Score
0.3%
EPSS Percentile
17th
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.
| CWE | CWE-306 |
| Vendor | mem0 |
| Product | mem0 |
| Published | Jul 7, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for mem0 mem0
Be the first to know when new critical vulnerabilities affecting mem0 mem0 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
mem0 / mem0
0 โค a3154d5
References
github.com: https://github.com/mem0ai/mem0/issues/6081 github.com: https://github.com/mem0ai/mem0 github.com: https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514 vulncheck.com: https://www.vulncheck.com/advisories/mem0-server-side-request-forgery-and-plaintext-api-key-exposure-via-unauthenticated-config-endpoints
Credits
๐ George Chen