{"id":"CVE-2026-59706","summary":"mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url","details":"mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.","modified":"2026-07-15T01:49:02.025657752Z","published":"2026-07-07T21:02:22.766Z","database_specific":{"cwe_ids":["CWE-306"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/59xxx/CVE-2026-59706.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"a3154d5"}]}],"cna_assigner":"VulnCheck"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/59xxx/CVE-2026-59706.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59706"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/mem0-server-side-request-forgery-and-plaintext-api-key-exposure-via-unauthenticated-config-endpoints"},{"type":"REPORT","url":"https://github.com/mem0ai/mem0/issues/6081"},{"type":"FIX","url":"https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514"},{"type":"PACKAGE","url":"https://github.com/mem0ai/mem0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mem0ai/mem0","events":[{"introduced":"0"},{"fixed":"a3154d59e52386d4e1189c1f5f44819868f76514"}],"database_specific":{"source":"REFERENCES"}}],"versions":["opencode-v0.1.1","v2.0.4","ts-v3.0.5","v2.0.3","ts-v3.0.4","cli-v0.2.7","cli-node-v0.2.7","cli-v0.2.5","cli-node-v0.2.5","v2.0.2","ts-v3.0.3","openclaw-v1.0.11","v2.0.1","ts-v3.0.2","openclaw-v1.0.10","openclaw-v1.0.9","openclaw-v1.0.8","cli-v0.2.4","cli-node-v0.2.4","openclaw-v1.0.7","ts-v3.0.1","v2.0.0","ts-v3.0.0","v2.0.0b2","ts-v3.0.0-beta.2","v2.0.0b1","ts-v3.0.0-beta.1","v2.0.0b0","ts-v3.0.0-beta.0","cli-v0.2.3","cli-node-v0.2.3","openclaw-v1.0.6","openclaw-v1.0.5","ts-v2.4.6","openclaw-v1.0.4","cli-v0.2.2","cli-node-v1.0.4","cli-node-v0.2.2","v1.0.11","openclaw-v1.0.4-beta.0","openclaw-v1.0.3","cli-v0.2.1","cli-node-v0.2.1","openclaw-v1.0.2","openclaw-v1.0.1","cli-node-v0.1.2","cli-v0.2.0","v1.0.10","cli-v0.2.0b1","v1.0.9","v1.0.8","v1.0.7","v1.0.6","v1.0.5","v1.0.4","v1.0.3","v1.0.2","v1.0.0","v0.1.118","v0.1.117","v0.1.116","v0.1.115","v0.1.114","v0.1.113","v0.1.112","v0.1.111","v0.1.110","v0.1.109","v0.1.108","v0.1.107rc2","v0.1.107r1","v0.1.107","v0.1.106","v0.1.104","v0.1.103","v0.1.102","v0.1.101","v0.1.100","v0.1.99","v0.1.98","v0.1.97","v0.1.96","v0.1.95","v0.1.94","v0.1.93","v0.1.92","v0.1.91","v0.1.90","v0.1.89","v0.1.88","v0.1.87","v0.1.86","v0.1.84","v0.1.83","v0.1.82","v0.1.81","v0.1.80","v0.1.79","v0.1.78","v0.1.77","v0.1.76","v0.1.75","v0.1.74","v0.1.73","v0.1.72","v0.1.71","v0.1.70","v0.1.69","v0.1.68","v0.1.67","v0.1.66","v0.1.65","v0.1.64","v0.1.63","v0.1.61","v0.1.59","v0.1.58","v0.1.57","v0.1.56","v0.1.54","v0.1.53","v0.1.52","v0.1.50","v0.1.49","v0.1.48","v0.1.47","v0.1.46","v0.1.45","v0.1.44","v0.1.43","v0.1.42","v0.1.39","v0.1.38","v0.1.37","v0.1.36","v0.1.34","0.1.123","0.1.121","0.1.120","0.1.118","0.1.117","0.1.116","0.1.115","0.1.114","0.1.113","0.1.112","0.1.111","0.1.110","0.1.109","0.1.108","0.1.107","0.1.106","0.1.105","0.1.104","0.1.103","0.1.102","0.1.101","0.1.100","0.1.99","0.1.98","0.1.97","0.1.96","0.1.95","0.1.94","0.1.93","0.1.92","0.1.91","0.1.90","0.1.89","0.1.88","0.1.87","0.1.86","0.1.85","0.1.84","0.1.83","0.1.82","0.1.81","0.1.80","0.1.79","0.1.78","0.1.77","0.1.76","0.1.75","0.1.74","0.1.73","0.1.72","0.1.71","0.1.70","0.1.69","0.1.68","0.1.67","0.1.66","0.1.65","0.1.64","0.1.63","0.1.62","0.1.61","0.1.60","0.1.59","0.1.58","0.1.57","0.1.56","0.1.55","0.1.54","0.1.53","0.1.52","0.1.51","0.1.50","0.1.49","0.1.48","0.1.47","0.1.46","0.1.45","0.1.44","0.1.43","0.1.42","0.1.41","0.1.40","0.1.39","0.1.38","0.1.37","0.1.36","0.1.35","0.1.34","v0.1.33","v0.1.32","v0.1.31","v0.1.30","v0.1.28","v0.1.27","v0.1.26","v0.1.25","v0.1.24","v0.1.23","v0.1.22","v0.1.21","v0.1.20","v0.1.19","v0.1.18","v0.1.17","v0.1.16","v0.1.15","v0.1.14","v0.1.13","v0.1.12","v0.1.11","v0.1.10","v0.1.9","v0.1.8","v0.1.7","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.2","v0.1.1","v0.1.0","v0.0.92","v0.0.91","v0.0.90","v0.0.89","v0.0.88","v0.0.87","v0.0.86","v0.0.85","v0.0.84","v0.0.83","v0.0.82","v0.0.81","v0.0.80","v0.0.79","v0.0.78","v0.0.77","v0.0.76","v0.0.75","v0.0.74","v0.0.73","v0.0.72","v0.0.71","v0.0.70","v0.0.69","v0.0.68","v0.0.67","v0.0.66","v0.0.65","v0.0.64","v0.0.63","v0.0.62","v0.0.61","v0.0.60","v0.0.59","0.0.58","v0.0.57","v0.0.56","v0.0.55","v0.0.54","v0.0.53","v0.0.52","v0.0.51","0.0.50","0.0.49","0.0.48","v0.0.47","0.0.46","0.0.45","0.0.44","0.0.43","0.0.42","0.0.41","0.0.40","0.0.39","0.0.38","v0.0.37","v0.0.36","v0.0.35","v0.0.34","0.0.32","v0.0.31","v0.0.30","v0.0.29","0.0.28","v0.0.27","v0.0.26","v0.0.24","0.0.23","release"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-59706.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"}]}