CVE-2026-31243

Published: May 12, 2026

Modified: May 13, 2026

PUBLISHED

Description

The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mem0ai/mem0

https://www.notion.so/CVE-2026-31243-35d1e139318881c6a6cffbe366c238a6

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31243

Description

Affected Products

References