Description
mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST endpoints require `write` scope. Version 10.65.3 patches the issue.
Published: 2026-06-19
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in mcp-memory-service allows a client that only possesses an OAuth token with the read scope to invoke end‑points that perform write and delete operations on the semantic memory layer. The JSON‑RPC handler at /mcp blindly forwards tool calls such as store_memory and delete_memory to underlying mutating functions, ignoring the stricter write scope that is correctly required by the REST API. Consequently, an attacker can compromise the integrity of stored memories without needing higher privileges, potentially tampering with AI application knowledge bases. The weakness was identified as CWE‑862: Missing Authorization.

Affected Systems

Affected vendors and products include Doobidoo’s mcp‑memory‑service. Versions prior to 10.65.3 use an HTTP MCP JSON‑RPC endpoint that requires only read scope for all operations. The fix is included in release 10.65.3; any installation running an earlier version or using that API endpoint is vulnerable.

Risk and Exploitability

The CVSS score of 8.1 indicates a high‑severity impact. Although EPSS data is unavailable, the vulnerability is not currently listed in CISA’s KEV catalogue. The likely attack vector is remote; an adversary with a read‑only OAuth token can directly call /mcp and exploit the flaw. Successful exploitation would allow unauthorized data deletion or addition, undermining system reliability and the correctness of AI inference.

Generated by OpenCVE AI on June 19, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to mcp‑memory‑service 10.65.3 or newer, which enforces write scope for mutating calls.
  • Revoke or restrict OAuth tokens that provide the read scope, ensuring customers only receive the minimal permissions required for their use case.
  • Monitor RPC invocation logs for unexpected store_memory or delete_memory calls and alert operations staff when such events are detected.

Generated by OpenCVE AI on June 19, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Doobidoo
Doobidoo mcp-memory-service
Vendors & Products Doobidoo
Doobidoo mcp-memory-service

Fri, 19 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST endpoints require `write` scope. Version 10.65.3 patches the issue.
Title mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Doobidoo Mcp-memory-service
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-19T17:59:48.862Z

Reserved: 2026-05-28T20:07:58.862Z

Link: CVE-2026-49291

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T20:30:04Z

Weaknesses