CYBERHAWK / CVE / CVE-2026-49948

CVE-2026-49948

HIGH CVSS 8.1 other

The flaw

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only veri

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-49948

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits