{"id":"CVE-2026-49948","summary":"Mem0 0.2.8 Missing Authorization via POST /configure Endpoint","details":"Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validating the caller's role. Any authenticated user holding a distributed API key can redirect all LLM and embedder traffic to an attacker-controlled server, with the malicious configuration persisted to PostgreSQL and surviving server restarts to affect all users and API keys on the instance.","modified":"2026-07-16T03:30:52.986969524Z","published":"2026-06-09T14:58:18.348Z","database_specific":{"cna_assigner":"VulnCheck","cwe_ids":["CWE-862"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49948.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49948.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-49948"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/mem0-missing-authorization-via-post-configure-endpoint"},{"type":"REPORT","url":"https://github.com/mem0ai/mem0/issues/5127"},{"type":"REPORT","url":"https://github.com/mem0ai/mem0/issues/5384"},{"type":"REPORT","url":"https://github.com/mem0ai/mem0/pull/5360"},{"type":"FIX","url":"https://github.com/mem0ai/mem0/commit/ae7f4062652df1376990221101d1adbb0819c973"},{"type":"PACKAGE","url":"https://github.com/mem0ai/mem0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mem0ai/mem0","events":[{"introduced":"0"},{"fixed":"6ddf1669f4f6ea408dca0b7f497af0cb8523cced"},{"fixed":"ae7f4062652df1376990221101d1adbb0819c973"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"0.2.8"}]}}],"versions":["v2.0.7","ts-v3.0.9","opencode-v0.2.0","v2.0.6","ts-v3.0.8","opencode-v0.1.3","openclaw-v1.0.13","evaluation-archive","pi-agent-v0.1.2","vercel-ai-v3.0.0","v2.0.5","ts-v3.0.7","pi-agent-v0.1.1","opencode-v0.1.2","vercel-ai-v2.0.6","ts-v3.0.6","openclaw-v1.0.12","cli-node-v0.2.8","opencode-v0.1.1","v2.0.4","ts-v3.0.5","v2.0.3","ts-v3.0.4","cli-v0.2.7","cli-node-v0.2.7","cli-v0.2.5","cli-node-v0.2.5","v2.0.2","ts-v3.0.3","openclaw-v1.0.11","v2.0.1","ts-v3.0.2","openclaw-v1.0.10","openclaw-v1.0.9","openclaw-v1.0.8","cli-v0.2.4","cli-node-v0.2.4","openclaw-v1.0.7","ts-v3.0.1","v2.0.0","ts-v3.0.0","v2.0.0b2","ts-v3.0.0-beta.2","v2.0.0b1","ts-v3.0.0-beta.1","v2.0.0b0","ts-v3.0.0-beta.0","cli-v0.2.3","cli-node-v0.2.3","openclaw-v1.0.6","openclaw-v1.0.5","ts-v2.4.6","openclaw-v1.0.4","cli-v0.2.2","cli-node-v1.0.4","cli-node-v0.2.2","v1.0.11","openclaw-v1.0.4-beta.0","openclaw-v1.0.3","cli-v0.2.1","cli-node-v0.2.1","openclaw-v1.0.2","openclaw-v1.0.1","cli-node-v0.1.2","cli-v0.2.0","v1.0.10","cli-v0.2.0b1","v1.0.9","v1.0.8","v1.0.7","v1.0.6","v1.0.5","v1.0.4","v1.0.3","v1.0.2","v1.0.0","v0.1.118","v0.1.117","v0.1.116","v0.1.115","v0.1.114","v0.1.113","v0.1.112","v0.1.111","v0.1.110","v0.1.109","v0.1.108","v0.1.107rc2","v0.1.107r1","v0.1.107","v0.1.106","v0.1.104","v0.1.103","v0.1.102","v0.1.101","v0.1.100","v0.1.99","v0.1.98","v0.1.97","v0.1.96","v0.1.95","v0.1.94","v0.1.93","v0.1.92","v0.1.91","v0.1.90","v0.1.89","v0.1.88","v0.1.87","v0.1.86","v0.1.84","v0.1.83","v0.1.82","v0.1.81","v0.1.80","v0.1.79","v0.1.78","v0.1.77","v0.1.76","v0.1.75","v0.1.74","v0.1.73","v0.1.72","v0.1.71","v0.1.70","v0.1.69","v0.1.68","v0.1.67","v0.1.66","v0.1.65","v0.1.64","v0.1.63","v0.1.61","v0.1.59","v0.1.58","v0.1.57","v0.1.56","v0.1.54","v0.1.53","v0.1.52","v0.1.50","v0.1.49","v0.1.48","v0.1.47","v0.1.46","v0.1.45","v0.1.44","v0.1.43","v0.1.42","v0.1.39","v0.1.38","v0.1.37","v0.1.36","v0.1.34","0.1.123","0.1.121","0.1.120","0.1.118","0.1.117","0.1.116","0.1.115","0.1.114","0.1.113","0.1.112","0.1.111","0.1.110","0.1.109","0.1.108","0.1.107","0.1.106","0.1.105","0.1.104","0.1.103","0.1.102","0.1.101","0.1.100","0.1.99","0.1.98","0.1.97","0.1.96","0.1.95","0.1.94","0.1.93","0.1.92","0.1.91","0.1.90","0.1.89","0.1.88","0.1.87","0.1.86","0.1.85","0.1.84","0.1.83","0.1.82","0.1.81","0.1.80","0.1.79","0.1.78","0.1.77","0.1.76","0.1.75","0.1.74","0.1.73","0.1.72","0.1.71","0.1.70","0.1.69","0.1.68","0.1.67","0.1.66","0.1.65","0.1.64","0.1.63","0.1.62","0.1.61","0.1.60","0.1.59","0.1.58","0.1.57","0.1.56","0.1.55","0.1.54","0.1.53","0.1.52","0.1.51","0.1.50","0.1.49","0.1.48","0.1.47","0.1.46","0.1.45","0.1.44","0.1.43","0.1.42","0.1.41","0.1.40","0.1.39","0.1.38","0.1.37","0.1.36","0.1.35","0.1.34","v0.1.33","v0.1.32","v0.1.31","v0.1.30","v0.1.28","v0.1.27","v0.1.26","v0.1.25","v0.1.24","v0.1.23","v0.1.22","v0.1.21","v0.1.20","v0.1.19","v0.1.18","v0.1.17","v0.1.16","v0.1.15","v0.1.14","v0.1.13","v0.1.12","v0.1.11","v0.1.10","v0.1.9","v0.1.8","v0.1.7","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.2","v0.1.1","v0.1.0","v0.0.92","v0.0.91","v0.0.90","v0.0.89","v0.0.88","v0.0.87","v0.0.86","v0.0.85","v0.0.84","v0.0.83","v0.0.82","v0.0.81","v0.0.80","v0.0.79","v0.0.78","v0.0.77","v0.0.76","v0.0.75","v0.0.74","v0.0.73","v0.0.72","v0.0.71","v0.0.70","v0.0.69","v0.0.68","v0.0.67","v0.0.66","v0.0.65","v0.0.64","v0.0.63","v0.0.62","v0.0.61","v0.0.60","v0.0.59","0.0.58","v0.0.57","v0.0.56","v0.0.55","v0.0.54","v0.0.53","v0.0.52","v0.0.51","0.0.50","0.0.49","0.0.48","v0.0.47","0.0.46","0.0.45","0.0.44","0.0.43","0.0.42","0.0.41","0.0.40","0.0.39","0.0.38","v0.0.37","v0.0.36","v0.0.35","v0.0.34","0.0.32","v0.0.31","v0.0.30","v0.0.29","0.0.28","v0.0.27","v0.0.26","v0.0.24","0.0.23","release"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-49948.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}]}