What happened
CVE-2026-59706 (CVSS 9.3 Critical), published July 7, 2026, is an unauthenticated missing-authentication (CWE-306) flaw in mem0's config API that exposes plaintext LLM API keys and allows SSRF via a user-controlled ollama_base_url parameter.
Why it matters
mem0 is used as a persistent memory backend for LLM agents; unauthenticated exposure of API keys and SSRF into cloud metadata services could let an attacker fully compromise both the AI application's LLM-provider account and the underlying cloud host, representing a critical blast-radius risk for any agentic deployment using mem0.
Attack vector
Unauthenticated attacker sends GET /api/v1/config/ to retrieve plaintext stored LLM API keys (e.g., OpenAI keys), or PUT /api/v1/config/mem0/llm with an attacker-controlled ollama_base_url parameter pointing to internal addresses (e.g., cloud instance metadata service 169.254.169.254) to trigger SSRF and pivot into cloud infrastructure.
Affected systems
mem0 (AI agent memory layer) — unauthenticated config endpoints
Mitigation
Patch per mem0 GitHub advisory GHSA-225m-p565-9h68 / commit a3154d5; restrict config endpoint access; rotate any previously exposed LLM API keys; block outbound requests to cloud metadata IPs from mem0 hosts.