Description
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.
Problem types
Missing Authentication for Critical Function
Product status
Any version
Credits
George Chen
References
github.com/mem0ai/mem0/issues/6081
github.com/mem0ai/mem0/issues/6081 (GitHub Issue)
github.com/mem0ai/mem0 (Product)
github.com/...ommit/a3154d59e52386d4e1189c1f5f44819868f76514 (Patch Commit)
www.vulncheck.com/...re-via-unauthenticated-config-endpoints