CVE-2026-31245 — Unauthenticated memory injection via mem0 POST /memories

MITRE service request: 1988584

Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).

Official CVE description

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated POST requests to create malicious or spoofed memory entries in the database, leading to unauthorized data injection and potential data pollution.

Summary

Attackers can forge POST /memories bodies that set arbitrary user_id fields, polluting another user’s memory stream with spam, offensive content, or prompt-injection payloads that downstream LLM agents will trust.
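The root cause described above (the server accepts a client-supplied user_id with no authentication) is easiest to see next to its fix. The following is an added illustration, not mem0 project code: a framework-agnostic handler pair in which the vulnerable variant stores whatever user_id the body names, and the hardened variant authenticates the caller first and binds the record to that principal, rejecting any body that names a different owner. The session table, the MemoryStore stand-in and the sample requests are all constructed for this example; mem0's real routes, schemas and storage are not used.

```python
"""Added example (not mem0 project code): authenticate the caller and derive
the memory owner from the session, instead of trusting a body-supplied user_id.
_SESSIONS, MemoryStore and the sample requests are constructed for illustration."""
from __future__ import annotations

import hmac
from dataclasses import dataclass, field

# Constructed session table: bearer token -> authenticated principal.
# A real deployment would verify a signed token or consult a session store.
_SESSIONS = {
    "tok-alice-7f3a": "alice",
    "tok-bob-91c0": "bob",
}


class AuthError(Exception):
    """Raised when a request is unauthenticated or not permitted."""


@dataclass
class MemoryStore:
    """Minimal in-memory stand-in for the memory database."""
    records: list[dict] = field(default_factory=list)

    def add(self, user_id: str, text: str) -> dict:
        rec = {"id": len(self.records) + 1, "user_id": user_id, "text": text}
        self.records.append(rec)
        return rec


def authenticate(headers: dict[str, str]) -> str:
    """Return the principal for a valid 'Authorization: Bearer <token>' header."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise AuthError("missing bearer token")
    principal = None
    # Compare against every entry in constant time so timing reveals nothing
    # about which token prefix matched.
    for known, user in _SESSIONS.items():
        if hmac.compare_digest(known, token):
            principal = user
    if principal is None:
        raise AuthError("invalid token")
    return principal


def create_memory_vulnerable(store: MemoryStore, headers: dict, body: dict) -> dict:
    """The pattern the advisory describes: no auth, owner taken from the body."""
    return store.add(body["user_id"], body["text"])


def create_memory_hardened(store: MemoryStore, headers: dict, body: dict) -> dict:
    """Authenticate, then bind the record to the caller.

    A user_id in the body is accepted only if it equals the authenticated
    principal; any other value is rejected (a 401/403-style failure) rather
    than silently overwritten, so spoofing attempts surface in logs instead
    of succeeding quietly.
    """
    principal = authenticate(headers)
    requested = body.get("user_id", principal)
    if requested != principal:
        raise AuthError(f"caller {principal!r} may not write memories for {requested!r}")
    text = body.get("text")
    if not isinstance(text, str) or not text.strip():
        raise AuthError("memory text is required")
    return store.add(principal, text)


if __name__ == "__main__":
    store = MemoryStore()
    spoof = {"user_id": "alice", "text": "constructed spoofed entry"}
    print(create_memory_vulnerable(store, {}, spoof))  # lands in alice's stream
    for hdrs in ({}, {"Authorization": "Bearer tok-bob-91c0"}):
        try:
            create_memory_hardened(store, hdrs, spoof)
        except AuthError as exc:
            print("rejected:", exc)
```

The key design choice is that the hardened handler never reads the owner from untrusted input: user_id is an output of authentication, and a mismatching body value is treated as an authorization failure worth logging rather than a field to be corrected.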

Affected product and versions

mem0 1.0.0 server (as stated in the CVE description above).

Technical details

Risk

High — enables targeted prompt-injection supply attacks.

Remediation / workaround

CVE Program next steps