CVE Catalog

CVE-2026-13511

Low · CVSS 3.1

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A vulnerability was found in the Memory REST API component of VoltAgent up to version 2.1.17. The function handleGetMemoryConversation in memory.handlers.ts performs improper authorization when the conversationId argument is manipulated. The attack can be performed remotely but is difficult to exploit due to its high complexity.

Risk Assessment

The organization is at risk of unauthorized access to data stored in the application's memory, potentially leading to leakage of sensitive information. A publicly available exploit increases the attack risk.

Recommendation

Immediately apply the available patch or implement temporary mitigations such as strengthening validation of the conversationId argument and restricting API access to trusted IP addresses.

Original NVD description (English source)

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS