COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-59705

CVE-2026-59705

Severity
critical
Source
NVD · cve
Published
2026-07-07
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-59705
shame 35/100

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id

Description

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.