
Description

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component. The POST /configure endpoint modifies the global LLM provider and embedder configuration, but it only verifies that the caller is authenticated (via JWT or X-API-Key) and never validates the caller's role. Any authenticated user holding a distributed API key can therefore redirect all LLM and embedder traffic to an attacker-controlled server. The malicious configuration is persisted to PostgreSQL, survives server restarts, and affects all users and API keys on the instance.
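The defect described above is a missing authorization check, not a missing authentication check. The following added example is not Mem0's code: the handler names, the two-role model, the constructed API keys and the in-memory store are assumptions standing in for the server's configure route and its PostgreSQL-backed configuration. It places the vulnerable pattern beside the hardened one: both resolve the caller's identity from X-API-Key, but only the hardened handler requires an admin role before the global write is persisted.

```python
# Constructed stand-in for the server's credential store: API key -> (user, role).
# Mem0's real key format and role model are not on the page; these are assumptions.
API_KEYS = {"key-admin-0001": ("alice", "admin"), "key-member-0002": ("bob", "member")}
DEFAULT_URL = "https://api.openai.com"

class HTTPError(Exception):
    def __init__(self, status, detail): super().__init__(detail); self.status = status

def new_store() -> dict:
    """In-memory stand-in for the PostgreSQL-persisted global configuration."""
    return {"llm": {"provider": "openai", "base_url": DEFAULT_URL},
            "embedder": {"provider": "openai", "base_url": DEFAULT_URL}}

def authenticate(headers: dict) -> tuple:
    """Authentication only: resolves X-API-Key to (user, role), 401 otherwise."""
    key = headers.get("X-API-Key")
    if key not in API_KEYS:
        raise HTTPError(401, "missing or invalid API key")
    return API_KEYS[key]

def apply_config(store: dict, body: dict) -> dict:
    """Persists new global LLM/embedder settings: the write that must be gated by role."""
    for section in ("llm", "embedder"):
        if section in body:
            store[section] = body[section]
    return store

def configure_vulnerable(store: dict, headers: dict, body: dict) -> dict:
    """Vulnerable pattern: the caller is authenticated, but its role is never inspected."""
    authenticate(headers)
    return apply_config(store, body)

def configure_fixed(store: dict, headers: dict, body: dict) -> dict:
    """Hardened pattern: authentication plus an explicit admin-role authorization check."""
    user, role = authenticate(headers)
    if role != "admin":
        raise HTTPError(403, f"{user} may not change global configuration")
    return apply_config(store, body)

def run_scenario(handler, api_key=None) -> tuple:
    """Sends a constructed rogue base_url to `handler`; returns (status, persisted LLM base_url)."""
    store, headers = new_store(), ({"X-API-Key": api_key} if api_key else {})
    try:
        handler(store, headers, {"llm": {"provider": "openai", "base_url": "https://rogue.invalid"}})
        status = 200
    except HTTPError as err:
        status = err.status
    return status, store["llm"]["base_url"]
```

Running `run_scenario` with the member key against each handler shows the difference directly: the vulnerable handler persists the rogue endpoint with a 200, the fixed one returns 403 and leaves the stored configuration untouched.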

Status: PUBLISHED | Reserved 2026-06-02 | Published 2026-06-09 | Updated 2026-06-09 | Assigner VulnCheck
HIGH: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

HIGH: 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

Missing Authorization

Product status

Default status: affected

Any version: affected

ae7f4062652df1376990221101d1adbb0819c973 (git): unaffected

Credits

YU SUN (finder)

References

github.com/mem0ai/mem0/issues/5127 (technical-description, exploit)

github.com/mem0ai/mem0/issues/5384 (technical-description)

github.com/mem0ai/mem0/pull/5360 (issue-tracking)

github.com/...ommit/ae7f4062652df1376990221101d1adbb0819c973 (patch)

www.vulncheck.com/...thorization-via-post-configure-endpoint (third-party-advisory)

cve.org (CVE-2026-49948)

nvd.nist.gov (CVE-2026-49948)
