CVE ID :CVE-2026-59705
Published : July 7, 2026, 11:16 p.m. | 1 hour, 58 minutes ago
Description :mem0’s openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Published : July 7, 2026, 11:16 p.m. | 1 hour, 58 minutes ago
Description :mem0’s openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-59705
Unknown
N/A
N/A
⚠️ Vulnerability Description:
1. IMMEDIATE ACTIONS
Immediately assess all systems running the "Phoenix Framework" to identify potentially affected instances. Prioritize systems that are publicly accessible or handle sensitive data.
a. Isolation: If active exploitation is suspected or confirmed, immediately isolate affected systems from public networks. Consider network segmentation to prevent lateral movement within your internal infrastructure.
b. Log Review: Review application, web server,
💡 AI-generated — review with a security professional before acting.View on NVD →