Vulnerability Description
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mem0 | Mem0 | 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/mem0ai/mem0 (Product)
- https://www.notion.so/CVE-2026-31243-35d1e139318881c6a6cffbe366c238a6 (Mitigation, Third Party Advisory)
FAQ
What is CVE-2026-31243?
CVE-2026-31243 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker...
How severe is CVE-2026-31243?
CVE-2026-31243 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-31243?
Check the references section above for vendor advisories and patch information. Affected products include: Mem0 Mem0.