CVE-2026-31241 — Unauthenticated bulk memory wipe via mem0 DELETE /memories

MITRE service request: 1988584

Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).

Official CVE description

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g., user_id, run_id, agent_id) in the request query parameters. A remote attacker can exploit this by sending unauthenticated DELETE requests to erase memory data for any user, leading to unauthorized data loss and denial of service.

Summary

DELETE /memories?user_id=victim style calls reach delete_all_memories without verifying that the caller owns that user_id. Attackers can bulk-delete another user’s memories or wipe entire cohorts.

Affected product and versions

• Product: mem0ai/mem0 server.
• Affected range (coordination record): v1.0.0 (commit 5f5e64b44be9be26c6aa223f5c4b538998b8ec8e).

Technical details

• Surface: Unauthenticated DELETE /memories with query filters (user_id, run_id, agent_id).
• Sink: SQL delete path in PGVector.delete() invoked without authorization mapping.
• Impact: Catastrophic loss of long-term agent memory; availability collapse for dependent apps.

Risk

Critical on internet-facing mem0 instances.

Remediation / workaround

• Disable public DELETE; enforce auth tokens scoped to owners.
• Vendor patch TBD.

CVE Program next steps