CVE-2026-59705: mem0's OpenMemory API Exposes User Data Without Auth
An unauthenticated access flaw in mem0's openmemory/api lets attackers read, write, or delete any user's memories by hitting unprotected API routes.
A new CVE is out for mem0's OpenMemory component, and it's a straightforward but serious one. CVE-2026-59705 documents API routers that were registered without authentication middleware, meaning anyone who can reach the endpoint can supply an arbitrary user_id and read, write, or delete another user's stored memories. There's also a denial-of-service angle: an unauthenticated caller can hit a pause endpoint with global_pause=true and take down memory functionality for every user on the instance.
This is a classic API authorization gap — not a sophisticated exploit, not a chain of vulnerabilities. The route was simply never gated. In my experience, these are the failures that sting the most because they're entirely preventable at design time. The pattern shows up repeatedly when teams bolt authentication onto existing routes incrementally rather than enforcing it by default at the framework or gateway level. If your default is "open unless explicitly locked," you will miss routes. The default has to be the other way around.
The user_id parameter abuse is worth calling out specifically. When an API accepts a caller-supplied user identifier and acts on it without verifying that the caller is actually that user, you don't have authentication — you have a suggestion box. This is an authorization problem layered on top of the authentication gap. Even if you added a login requirement, you'd still need to verify that the authenticated principal owns the user_id they're passing. Both controls were absent here.
If you're running mem0's OpenMemory in any environment — self-hosted, internal tooling, anything — check your deployment now. Patch or restrict network access to the API immediately. Beyond the immediate fix, this is a good forcing function to audit how your own internal APIs handle route-level auth. Pull your API gateway or framework config and confirm you have a deny-by-default posture on new route registration. If you can't answer that question in under ten minutes, you probably don't have it.
One honest note: the CVE doesn't specify affected versions or a patched release at the time of writing. Until that's confirmed, treat network-level controls as your primary mitigation — don't expose the openmemory/api surface to untrusted networks under any circumstances.
Be the first to comment
Members only — sign up if you have something worth saying.
Want to weigh in? Sign in or create a free account.
No comments yet.