Impact
The vulnerability arises when the API_TOKEN environment variable is unset or empty in Nocturne Memory versions prior to 2.4.1. Based on the description, it is inferred that this absence causes the BearerTokenAuthMiddleware to skip authentication for all HTTP requests, effectively disabling the access control layer. An unauthenticated attacker can exploit this to read, modify, or delete any memory entry exposed by the REST or SSE interface, including critical system and core URIs that are automatically loaded into downstream agent sessions. Because those entries are injected into every later agent session, tampering with them enables persistent prompt injection.
Affected Systems
The affected product is Nocturne Memory, a lightweight long‑term memory server for MCP Agents, provided by Dataojitori. Versions earlier than 2.4.1 contain the issue. The server binds by default to 0.0.0.0 and allows all CORS origins, so if API_TOKEN is missing, any LAN‑reachable client can reach the vulnerable interface; that is the most likely attack vector.
Risk and Exploitability
The CVSS score of 8.7 reflects the high severity of this authentication bypass. Based on the description, it is inferred that exploitation is straightforward: no credential is required, and the service is network reachable by default. The likely attack vector is a client on the same local network taking advantage of the default 0.0.0.0 binding and open CORS settings. The EPSS score is not available, but in the absence of mitigations such as a non‑empty token, a restricted bind address, or CORS limits, an attacker on the same local network can readily exercise the full read/write/delete capability. The vulnerability is not yet listed in the CISA KEV catalog but should be treated as high risk until remediation is applied.
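The fail-open shape the advisory describes, placed beside a fail-closed version and a start-up configuration check, as an added illustration that is not Nocturne Memory's own code. The function names, and the BIND_HOST and CORS_ORIGINS variable names, are assumptions for this example; only API_TOKEN is named by the advisory.

```python
import hmac
from typing import List, Mapping, Optional


def _bearer_token(headers: Mapping[str, str]) -> Optional[str]:
    """Return the token from an 'Authorization: Bearer <token>' header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def fail_open_check(headers: Mapping[str, str], api_token: str) -> bool:
    """Vulnerable shape described in the advisory: an unset or empty
    configured token skips the check, so every request is authorized."""
    if not api_token:
        return True  # the bypass: nothing configured, so nothing is enforced
    presented = _bearer_token(headers)
    return presented is not None and hmac.compare_digest(
        presented.encode(), api_token.encode())


def fail_closed_check(headers: Mapping[str, str], api_token: str) -> bool:
    """Hardened shape: a missing configured token is a misconfiguration,
    so the middleware denies every request instead of allowing every request."""
    if not api_token:
        return False
    presented = _bearer_token(headers)
    return presented is not None and hmac.compare_digest(
        presented.encode(), api_token.encode())


def startup_problems(env: Mapping[str, str]) -> List[str]:
    """Configuration checks to run before the listener binds, so the process
    refuses to start in the state the advisory describes. The defaults mirror
    the advisory's stated defaults (0.0.0.0 and wildcard CORS); BIND_HOST and
    CORS_ORIGINS are assumed names for this example."""
    problems = []
    if not env.get("API_TOKEN"):
        problems.append("API_TOKEN is unset or empty; refusing to start without auth")
    if env.get("BIND_HOST", "0.0.0.0") == "0.0.0.0":
        problems.append("listener bound to 0.0.0.0; use 127.0.0.1 unless LAN access is intended")
    if env.get("CORS_ORIGINS", "*") == "*":
        problems.append("CORS allows all origins; restrict to the agent front-ends that need it")
    return problems
```

With an empty token, `fail_open_check` authorizes a request carrying no Authorization header at all, which is the behaviour the advisory attributes to versions before 2.4.1; `fail_closed_check` rejects the same request.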
OpenCVE Enrichment