{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33010", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T17:22:14.664Z", "datePublished": "2026-03-20T18:33:39.007Z", "dateUpdated": "2026-03-20T23:26:06.857Z"}, "containers": {"cna": {"title": "mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft", "problemTypes": [{"descriptions": [{"cweId": "CWE-942", "lang": "en", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm"}], "affected": [{"vendor": "doobidoo", "product": "mcp-memory-service", "versions": [{"version": "< 10.25.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T18:33:39.007Z"}, "descriptions": [{"lang": "en", "value": "mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=[\"*\"], and allow_headers=[\"*\"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1."}], "source": {"advisory": "GHSA-g9rg-8vq5-mpwm", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T21:28:21.076561Z", "id": "CVE-2026-33010", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T23:26:06.857Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33010", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T21:28:21.076561Z"}}}], "references": [{"url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T23:25:58.571Z"}}], "cna": {"title": "mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft", "source": {"advisory": "GHSA-g9rg-8vq5-mpwm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "doobidoo", "product": "mcp-memory-service", "versions": [{"status": "affected", "version": "< 10.25.1"}]}], "references": [{"url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "name": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=[\"*\"], and allow_headers=[\"*\"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T18:33:39.007Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33010", "state": "PUBLISHED", "dateUpdated": "2026-03-20T23:26:06.857Z", "dateReserved": "2026-03-17T17:22:14.664Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T18:33:39.007Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*", "matchCriteriaId": "25AB17B5-256A-4CAA-8493-CFF189D15973", "versionEndExcluding": "10.25.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=[\"*\"], and allow_headers=[\"*\"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1."}, {"lang": "es", "value": "mcp-memory-service es un backend de memoria de c\u00f3digo abierto para sistemas multiagente. Antes de la versi\u00f3n 10.25.1, cuando el servidor HTTP est\u00e1 habilitado (MCP_HTTP_ENABLED=true), la aplicaci\u00f3n configura el CORSMiddleware de FastAPI con allow_origins=['*'], allow_credentials=True, allow_methods=['*'] y allow_headers=['*']. El encabezado comod\u00edn Access-Control-Allow-Origin: * permite a cualquier sitio web leer respuestas de la API de origen cruzado. Cuando se combina con acceso an\u00f3nimo (MCP_ALLOW_ANONYMOUS_ACCESS=true) - la forma m\u00e1s sencilla de hacer funcionar el panel de control HTTP sin OAuth - no se necesitan credenciales, por lo que cualquier sitio web malicioso puede leer, modificar y eliminar silenciosamente todas las memorias almacenadas. Este problema ha sido parcheado en la versi\u00f3n 10.25.1."}], "id": "CVE-2026-33010", "lastModified": "2026-04-14T18:12:23.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-20T19:16:17.813", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-942"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.25.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "mcp-memory-service", "source": "cna", "vendor": "doobidoo"}, "product": "mcp-memory-service", "vendor": "doobidoo"}], "analysis": {"en": {"generated_at": "2026-04-14T21:55:18.779434+00:00", "value": {"mitigation_remediation": ["Upgrade to version 10.25.1 or later, which corrects the CORS configuration.", "If an upgrade is not feasible, disable the HTTP interface by setting MCP_HTTP_ENABLED to false.", "Restrict CORS to trusted origins instead of '*', and disable allow_credentials if not required.", "Enable authentication such as OAuth to prevent anonymous requests.", "As a temporary countermeasure, place the service behind a reverse proxy that blocks cross\u2011origin requests."], "summary": {"action": "Patch Now", "impact": "Information Disclosure and Data Modification via CORS Abuse"}, "threat_synthesis": {"affected_systems": "The affected product is doobidoo\u2019s open\u2011source mcp\u2011memory\u2011service. All releases prior to 10.25.1 are vulnerable when the HTTP interface is enabled (MCP_HTTP_ENABLED=true) and anonymous access is permitted (MCP_ALLOW_ANONYMOUS_ACCESS=true). No other vendors appear to be affected.", "description_and_impact": "The vulnerability originates from a misconfigured Cross-Origin Resource Sharing (CORS) policy in the FastAPI middleware of mcp\u2011memory\u2011service. The server allows any origin with credentials and accepts any HTTP method and header, while anonymous access is enabled. This configuration enables a malicious website to read, modify, and delete any memory stored in the service via browser requests.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity. The EPSS score is below 1%, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting a relatively low likelihood of exploitation. However, based on the description, it is inferred that the likely attack vector is a browser\u2011based cross\u2011origin request from a malicious site that can include credentials and retrieve or manipulate data stored by the service."}}}}, "created": "2026-03-23T09:52:58.908911+00:00", "updated": "2026-04-15T16:45:09.818815+00:00", "vendors": ["doobidoo", "doobidoo$PRODUCT$mcp-memory-service"]}