CVE-2026-59706 in mem0info

Summary

by MITRE • 07/08/2026

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

The vulnerability in mem0 represents a critical security flaw that exposes sensitive configuration data and enables server-side request forgery attacks through unauthenticated API endpoints. This issue affects the application's configuration management system where attackers can directly access stored credentials without proper authentication mechanisms. The exposed LLM API keys are particularly concerning as they provide unauthorized access to external AI services, potentially allowing adversaries to consume compute resources and incur costs on behalf of the organization.

The technical implementation flaw lies in the lack of authentication checks for configuration endpoints, specifically the GET /api/v1/config/ and PUT /api/v1/config/mem0/llm paths. When attackers submit a PUT request to the LLM configuration endpoint with a malicious ollama_base_url parameter, they can trigger server-side request forgery vulnerabilities that allow access to internal network resources. This vulnerability maps directly to CWE-611 (Improper Restriction of XML External Entity Reference) and CWE-918 (Server-Side Request Forgery) while also aligning with ATT&CK technique T1071.004 (Application Layer Protocol: DNS) and T1566.002 (Phishing: Spearphishing Attachment).

The operational impact of this vulnerability extends beyond simple credential theft, as it enables attackers to perform reconnaissance on internal systems through the IMDS endpoint access. This capability allows adversaries to gather sensitive metadata about cloud instances, potentially leading to further privilege escalation attacks. Organizations may face unauthorized API usage charges, data exfiltration, and potential compromise of other services that rely on the exposed credentials. The vulnerability essentially provides attackers with a backdoor into the application's configuration system and the underlying infrastructure through which it operates.

Mitigation strategies should implement strict authentication and authorization controls for all configuration endpoints, requiring proper API keys or session management before allowing access to sensitive configuration data. The application must validate and sanitize all input parameters, particularly those used in URL construction, to prevent SSRF attacks. Organizations should also consider implementing network segmentation to limit access to internal services and establish monitoring for unusual configuration changes. Additionally, credential rotation procedures should be implemented immediately to revoke compromised API keys while the vulnerability is being addressed through proper code fixes that enforce authentication checks and input validation.

Responsible

VulnCheck

Reservation

07/06/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!