Description
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0.
Published: 2026-03-07
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive system information revealed by unauthenticated health endpoint
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in mcp-memory-service arises from its /api/health/detailed endpoint leaking the OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. Because MCP_ALLOW_ANONYMOUS_ACCESS=true enables anonymous access, an attacker with network reachability to the service can request this endpoint without authentication. The disclosed data can be used to build a detailed reconnaissance profile of the host, identify potential weaknesses in the operating system or runtime, and facilitate further attacks. The weakness is a classic information disclosure (CWE-200).

Affected Systems

Doobidoo's mcp-memory-service prior to version 10.21.0 is affected. Systems that run the service with MCP_ALLOW_ANONYMOUS_ACCESS=true and the default 0.0.0.0 listening interface are vulnerable. The vulnerability is absent in releases 10.21.0 and later.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score is below 1%, implying a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker who can reach the network-exposed health endpoint can trivially access the sensitive data; no special privileges, configuration or credentials are required. Because the disclosed data contains identifiers of the OS, runtime, and filesystem, it eases future targeted attacks. The attack vector is network-based and open to any host that can reach the service's IP address.

Generated by OpenCVE AI on April 16, 2026 at 10:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade doobidoo mcp-memory-service to version 10.21.0 or later where the health endpoint no longer leaks detailed information.
  • If upgrading is impossible, set MCP_ALLOW_ANONYMOUS_ACCESS=false to disable anonymous access to the health endpoint.
  • Restrict network access to the service by binding it to a non-public interface or applying firewall rules that limit reachability to trusted hosts.
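The affected-systems description and the recommended actions above combine three conditions: a build older than 10.21.0, MCP_ALLOW_ANONYMOUS_ACCESS=true, and a listener bound to every interface. The following audit script is an added example, not code from the advisory or from the mcp-memory-service project; it evaluates a deployment against those three conditions and reports which of the recommended actions still apply. The fixed version, the endpoint path and the MCP_ALLOW_ANONYMOUS_ACCESS variable come from the advisory; the bind-address variable name MCP_HTTP_HOST is an assumption used only to illustrate the check and should be replaced with whatever the deployment actually uses.

```python
"""Audit an mcp-memory-service deployment against CVE-2026-29787 (GHSA-73hc-m4hx-79pj).

Added example, not project code. MCP_HTTP_HOST is an assumed variable name for
the bind address; MCP_ALLOW_ANONYMOUS_ACCESS and the 10.21.0 fix are from the advisory.
"""
import ipaddress
import re
from dataclasses import dataclass

FIXED_VERSION = (10, 21, 0)                 # first release without the leak
SENSITIVE_PATH = "/api/health/detailed"     # endpoint named in the advisory
TRUTHY = {"1", "true", "yes", "on"}
WILDCARD_HOSTS = {"", "0.0.0.0", "::", "*"}  # listener reachable on every interface


def parse_version(text):
    """Turn 'v10.20.3' or '10.21.0-rc1' into (10, 20, 3); raise on junk."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def bind_scope(host):
    """Classify where a listener bound to `host` can be reached from."""
    host = (host or "").strip()
    if host in WILDCARD_HOSTS:
        return "all-interfaces"
    if host.lower() == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "single-interface"
    except ValueError:
        return "unknown"


@dataclass(frozen=True)
class Verdict:
    vulnerable_build: bool   # version < 10.21.0
    anonymous_access: bool   # MCP_ALLOW_ANONYMOUS_ACCESS is enabled
    bind: str                # result of bind_scope()
    findings: tuple          # (severity, message) pairs

    @property
    def endpoint_unauthenticated(self):
        """The detailed health data is served without auth only when both hold."""
        return self.vulnerable_build and self.anonymous_access

    @property
    def network_exposed(self):
        """Unauthenticated leak plus a non-loopback listener: the advisory's worst case."""
        return self.endpoint_unauthenticated and self.bind != "loopback"


def audit(version, env):
    """`env` is a mapping of the service process's environment variables."""
    vulnerable_build = parse_version(version) < FIXED_VERSION
    anonymous = (env.get("MCP_ALLOW_ANONYMOUS_ACCESS") or "").strip().lower() in TRUTHY
    # Assumed variable name; the 0.0.0.0 default mirrors the advisory's description.
    bind = bind_scope(env.get("MCP_HTTP_HOST", "0.0.0.0"))

    findings = []
    if vulnerable_build:
        findings.append(("medium", f"version {version} is below the fixed release 10.21.0; upgrade"))
    if vulnerable_build and anonymous:
        findings.append(("high", f"{SENSITIVE_PATH} is served without authentication "
                                 "(MCP_ALLOW_ANONYMOUS_ACCESS=true); set it to false until upgraded"))
    if vulnerable_build and anonymous and bind == "all-interfaces":
        findings.append(("high", "listener bound to every interface; bind to loopback or "
                                 "restrict reachability with firewall rules"))
    elif bind == "all-interfaces":
        findings.append(("info", "listener bound to every interface; confirm this is intended"))
    return Verdict(vulnerable_build, anonymous, bind, tuple(findings))


if __name__ == "__main__":
    # Constructed sample: a pre-fix build running with the documented default configuration.
    sample_env = {"MCP_ALLOW_ANONYMOUS_ACCESS": "true", "MCP_HTTP_HOST": "0.0.0.0"}
    for severity, message in audit("10.20.0", sample_env).findings:
        print(f"[{severity}] {message}")
```

The three findings map one-to-one onto the recommended actions, so an operator who cannot upgrade immediately can see from the output which compensating control (disabling anonymous access, or narrowing the bind address) removes the network exposure while the upgrade is scheduled.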

Generated by OpenCVE AI on April 16, 2026 at 10:51 UTC.


Advisories

Source: GitHub GHSA
ID: GHSA-73hc-m4hx-79pj
Title: mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint
History

Wed, 11 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Doobidoo
Doobidoo mcp-memory-service
Vendors & Products Doobidoo
Doobidoo mcp-memory-service

Sat, 07 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Description mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0.
Title mcp-memory-service: System Information Disclosure via Health Endpoint
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T18:26:27.568Z

Reserved: 2026-03-04T16:26:02.899Z

Link: CVE-2026-29787

Vulnrichment

Updated: 2026-03-09T18:19:38.654Z

NVD

Status : Analyzed

Published: 2026-03-07T16:15:55.743

Modified: 2026-03-11T20:39:21.507

Link: CVE-2026-29787

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T11:00:10Z

Weaknesses