CVE-2026-59705 is a critical vulnerability in mem0's openmemory/api component. The vulnerability allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints [truncated]
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T22:16:54.503Z and has not been modified since then. The vulnerability affects mem0 instances with exposed or unsecured configurations, particularly those using LLM API keys. Users should verify their configurations and take immediate action to secure their environments.