CVE-2026-59706
Received Received - Intake

mem0 Unauthenticated Config API Exposes LLM Keys and SSRF

Vulnerability report for CVE-2026-59706, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: VulnCheck

Description

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in mem0, which has unauthenticated configuration API endpoints. These endpoints expose large language model (LLM) API keys in plaintext, allowing attackers to retrieve sensitive secrets such as OpenAI API keys without authentication. Additionally, attackers can exploit the vulnerability to perform server-side request forgery (SSRF) by manipulating the ollama_base_url parameter to make the server send requests to internal addresses.

Impact Analysis

The vulnerability can have severe impacts including unauthorized disclosure of sensitive API keys, which can lead to misuse of those keys and potential financial or reputational damage. The SSRF capability allows attackers to make the server send requests to internal systems, potentially exposing internal services or data that are not meant to be publicly accessible.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59706. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart