{"vulnerability": "cve-2026-59706", "sightings": [{"uuid": "6cd25b63-d020-483f-9b52-fe2706529818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59706", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3lju4gqu2f", "content": "CVE-2026-59706 - mem0\nThe mem0 software has unsecured endpoints that reveal sensitive API keys and allow attackers to access internal addresses. This puts sensitive data and systems at risk. To protect your data, update\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#mem0 #CVE #infosec", "creation_timestamp": "2026-07-07T21:50:05.433458Z"}, {"uuid": "3f9d1005-184b-44ec-97f1-8f321d0e5ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59706", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rokhsrv2g", "content": "CVE-2026-59706 - mem0 - Server-Side Request Forgery and Plaintext API Key Exposure via Unauthenticated Config Endpoints\nCVE ID : CVE-2026-59706\n \n Published : July 7, 2026, 10:16 p.m. | 58\u00a0minutes ago\n \n Description : mem0 contains unauthenticated config API endpoints that exp...", "creation_timestamp": "2026-07-07T23:40:06.213808Z"}, {"uuid": "f76aa55c-fcf9-49f7-8a53-ced46a4bb66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59706", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116890266111536679", "content": "I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-59706\n\nmem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.", "creation_timestamp": "2026-07-09T13:31:54.921466Z"}]}