Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.10 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.8 views

EUVD-2026-35449

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 4:16 p.m.16 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS0.0029EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 2:58 p.m.28 views

CVE-2026-49948 Mem0 0.2.8 Missing Authorization via POST /configure Endpoint

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS0.0029EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 2:58 p.m.23 views

CVE-2026-49948

CVE-2026-49948 affects Mem0 versions up to 0.2.8 (fixed in commit ae7f406) where the self-hosted server’s POST /configure endpoint can modify global LLM provider and embedder configuration without validating the caller’s role. Authentication via JWT or distributed API key is insufficient, allowin...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47811

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References6
Rows per page
Query Builder