CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-59705

criticalCVSS 9.8covered by 1 sourcefirst seen 2026-07-07
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.

⚡ Watch CVE-2026-59705

Get an email if CVE-2026-59705 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-59705

CVE.org record

Embed the live status

CVE-2026-59705 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-59705 status](https://www.csirts.com/badge/CVE-2026-59705)](https://www.csirts.com/cve/CVE-2026-59705)