Description
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1.
Published: 2026-03-20
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure and Data Modification via CORS Abuse
Action: Patch Now
AI Analysis

Impact

The vulnerability originates from a misconfigured Cross-Origin Resource Sharing (CORS) policy in the FastAPI middleware of mcp-memory-service. The server allows any origin with credentials and accepts any HTTP method and header, while anonymous access is enabled. This configuration enables a malicious website to read, modify, and delete any memory stored in the service via browser requests.

Affected Systems

The affected product is doobidoo's open-source mcp-memory-service. All releases prior to 10.25.1 are vulnerable when the HTTP interface is enabled (MCP_HTTP_ENABLED=true) and anonymous access is permitted (MCP_ALLOW_ANONYMOUS_ACCESS=true). No other vendors appear to be affected.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. The EPSS score is below 1%, and the vulnerability is not listed in CISA's KEV catalog, suggesting a relatively low likelihood of exploitation. However, based on the description, the likely attack vector is a browser-based cross-origin request from a malicious site, which can retrieve or manipulate data stored by the service because anonymous access removes the need for credentials.

Generated by OpenCVE AI on April 14, 2026 at 21:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 10.25.1 or later, which corrects the CORS configuration.
  • If an upgrade is not feasible, disable the HTTP interface by setting MCP_HTTP_ENABLED to false.
  • Restrict CORS to trusted origins instead of '*', and disable allow_credentials if not required.
  • Enable authentication such as OAuth to prevent anonymous requests.
  • As a temporary countermeasure, place the service behind a reverse proxy that blocks cross-origin requests.
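To make the configuration point concrete, the following is an added example (not code from the mcp-memory-service project) that models the server-side CORS headers and the browser's read check for the settings quoted in the advisory, beside a hardened allow-list form. The origins "attacker.example" and "dashboard.example" and the header-building logic are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class CorsConfig:
    allow_origins: list = field(default_factory=list)
    allow_credentials: bool = False

# Settings the advisory quotes for releases before 10.25.1 with MCP_HTTP_ENABLED=true.
VULNERABLE = CorsConfig(allow_origins=["*"], allow_credentials=True)
# Hardened form: explicit allow-list, no credentials ("dashboard.example" is a placeholder).
HARDENED = CorsConfig(allow_origins=["https://dashboard.example"], allow_credentials=False)

def server_cors_headers(cfg: CorsConfig, request_origin: str) -> dict:
    """Response headers a CORS middleware emits for a request from request_origin (modelled here)."""
    headers = {}
    if "*" in cfg.allow_origins:
        headers["Access-Control-Allow-Origin"] = "*"
    elif request_origin in cfg.allow_origins:
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Vary"] = "Origin"  # caches must not reuse this response for another origin
    if cfg.allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers

def browser_allows_read(headers: dict, request_origin: str, with_credentials: bool) -> bool:
    """Fetch-spec CORS check: may script running at request_origin read the response body?"""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if with_credentials:
        # A credentialed response must name the origin exactly; '*' is rejected by browsers.
        return acao == request_origin and headers.get("Access-Control-Allow-Credentials") == "true"
    return acao in ("*", request_origin)

def cross_origin_readable(cfg: CorsConfig, request_origin: str, with_credentials: bool) -> bool:
    """Can a page on request_origin read API responses under cfg? With anonymous access
    (MCP_ALLOW_ANONYMOUS_ACCESS=true) no credentials are sent, so the '*' path alone suffices."""
    return browser_allows_read(server_cors_headers(cfg, request_origin), request_origin, with_credentials)

def review_cors_config(cfg: CorsConfig, anonymous_access: bool) -> list:
    """Findings a configuration review should raise for this class of issue."""
    findings = []
    if "*" in cfg.allow_origins and cfg.allow_credentials:
        findings.append("wildcard allow_origins combined with allow_credentials=True")
    if "*" in cfg.allow_origins and anonymous_access:
        findings.append("wildcard allow_origins with anonymous access: any site can read and modify data")
    return findings
```

Under the vulnerable settings an anonymous request from any origin gets `Access-Control-Allow-Origin: *` and is readable; under the allow-list form only the listed dashboard origin passes the check.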

Advisories
Source        ID                    Title
Github GHSA   GHSA-g9rg-8vq5-mpwm   mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
History

Tue, 14 Apr 2026 18:15:00 +0000

Type         Values Removed   Values Added
Weaknesses                    NVD-CWE-Other
CPEs                          cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*

Mon, 23 Mar 2026 10:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Doobidoo
                                       Doobidoo mcp-memory-service
Vendors & Products                     Doobidoo
                                       Doobidoo mcp-memory-service

Sat, 21 Mar 2026 05:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 18:45:00 +0000

Type          Values Removed   Values Added
Description                    mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1.
Title                          mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Weaknesses                     CWE-942
References
Metrics                        cvssV3_1
                               {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T23:26:06.857Z

Reserved: 2026-03-17T17:22:14.664Z

Link: CVE-2026-33010

Vulnrichment

Updated: 2026-03-20T23:25:58.571Z

NVD

Status: Analyzed

Published: 2026-03-20T19:16:17.813

Modified: 2026-04-14T18:12:23.217

Link: CVE-2026-33010

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses