mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.
Metrics
Affected Vendors & Products
References
History
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mem0
Mem0 mem0 |
|
| Vendors & Products |
Mem0
Mem0 mem0 |
Tue, 07 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint. | |
| Title | mem0 - Server-Side Request Forgery and Plaintext API Key Exposure via Unauthenticated Config Endpoints | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-07T21:02:22.766Z
Reserved: 2026-07-06T15:31:46.187Z
Link: CVE-2026-59706
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T22:30:17Z