CVE-2026-59706
CRITICALmem0 - Server-Side Request Forgery and Plaintext API Key Exposure via Unauthenticated Config Endpoints
Title source: cnaDescription
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/mem0-server-side-request-forgery-and-plaintext-api-key-exposure-via-unauthenticated-config-endpoints
Scores
CVSS v3
9.3
EPSS
0.0026
EPSS Percentile
17.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
mem0/mem0
< a3154d5
Published
Jul 07, 2026
Tracked Since
Jul 08, 2026