SYS::ONLINE
Wasteland.
Briefs1125
Issues18
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-59706 2026-07-07

CVE-2026-59706: Unauthenticated Config Endpoints Leak API Keys and Enable SSRF in mem0

"A critical flaw in the mem0 AI memory framework lets unauthenticated attackers read stored LLM API keys in plaintext and pivot to server-side request forgery through its config API."

A critical flaw in the mem0 AI memory framework lets unauthenticated attackers read stored LLM API keys in plaintext and pivot to server-side request forgery through its config API.

What Is It

mem0 (the mem0ai PyPI package) exposes config API endpoints that require no authentication. Two distinct problems stem from this. First, a GET /api/v1/config/ request returns stored secrets, such as OpenAI API keys, in plaintext. Second, an attacker can send PUT /api/v1/config/mem0/llm with an attacker-controlled ollama_base_url parameter pointed at internal addresses (for example, a cloud instance metadata service, IMDS), triggering server-side request forgery. The underlying weakness is CWE-306 (Missing Authentication for Critical Function).

Why It Matters

The vulnerability carries a CVSS 3.1 base score of 9.3 (CRITICAL) with vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N, network-reachable, low complexity, no privileges or user interaction required, and a changed scope. A secondary CVSS 4.0 score of 9.2 is also assigned. Exposed LLM API keys allow abuse of the victim's paid AI accounts, while SSRF against cloud IMDS endpoints can escalate to theft of cloud credentials and further internal access.

What's Vulnerable

Patch Status

The mem0 project addressed the issue; the reference commit a3154d59e52386d4e1189c1f5f44819868f76514 corresponds to the fix boundary, and tracking is available in GitHub issue #6081. Users should update to a build that includes this fix and ensure config endpoints are not exposed to untrusted networks. This CVE is not present in the supplied CISA KEV data, so there is no KEV-confirmed active exploitation or federally mandated remediation deadline at this time.

Sources