3 matches found
CVE-2026-59705
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary userid parameters or...
PT-2026-56280
Name of the Vulnerable Software and Affected Versions mem0 openmemory/api affected versions not specified Description The openmemory/api component allows unauthenticated access to API routers that lack authentication middleware. This enables attackers to read, write, and delete arbitrary user...
PT-2026-26179
Name of the Vulnerable Software and Affected Versions mcp-memory-service versions prior to 10.25.1 Description mcp-memory-service is an open-source memory backend for multi-agent systems. When the HTTP server is enabled MCP HTTP ENABLED=true, the application configures FastAPI's CORSMiddleware wi...