Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 5:59 p.m.4 views

CVE-2026-49291

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS5.9AI score0.00264EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 6:33 p.m.4 views

CVE-2026-33010 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The...

8.1CVSS5.8AI score0.00387EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 6:33 p.m.13 views

CVE-2026-33010

CVE-2026-33010 affects mcp-memory-service prior to 10.25.1. When MCP_HTTP_ENABLED is true, the app configures FastAPI CORSMiddleware with allow_origins=[''], allow_credentials=True, allow_methods=[' '], and allow_headers=['*'], yielding Access-Control-Allow-Origin: *. With MCP_ALLOW_ANONYMOUS_ACC...

8.8CVSS5.8AI score0.00387EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/20 6:33 p.m.25 views

CVE-2026-33010 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The...

8.1CVSS0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 3:34 p.m.3 views

CVE-2026-29787

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS5.7AI score0.00369EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/07 3:34 p.m.28 views

CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

5.3CVSS0.00369EPSS
Exploits1References2
CVE
CVE
added 2026/03/07 3:34 p.m.19 views

CVE-2026-29787

Summary of CVE-2026-29787 (mcp-memory-service) : The /api/health/detailed endpoint exposes detailed reconnaissance data (OS version, Python version, CPU, memory, disk usage, and the full database path). This occurs when anonymous access is enabled (MCP_ALLOW_ANONYMOUS_ACCESS=true) and the service...

5.3CVSS5.7AI score0.00369EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/05 9:42 p.m.2 views

Information Exposure

Overview mcp-memory-service is an Open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost. Affected versions of this package are vulnerable to Information Exposure in the...

6.3CVSS5.8AI score0.00369EPSS
Exploits1References2
Rows per page
Query Builder