CVE-2026-33010
CORS Misconfiguration in mcp-memory-service Allows Unauthorized Data Access
Publication date: 2026-03-20
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| doobidoo | mcp-memory-service | to 10.25.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "The vulnerability in mcp-memory-service (prior to version 10.25.1) arises from a misconfiguration of Cross-Origin Resource Sharing (CORS) settings combined with anonymous access. Specifically, when the HTTP server is enabled, the service uses FastAPI's CORSMiddleware with a wildcard origin ('*'), allowing any website to access the API responses cross-origin."}, {'type': 'paragraph', 'content': "Because anonymous access is enabled by default, no credentials are required to access the API. This means a malicious website can silently read, modify, or delete all stored memories by issuing cross-origin requests from a victim's browser without their knowledge."}, {'type': 'paragraph', 'content': 'The attack works by a victim visiting a malicious website, which then uses JavaScript to fetch data from the vulnerable service running locally or on the network. The permissive CORS settings allow the malicious script to bypass browser security and access sensitive data such as passwords, API keys, and personal notes.'}, {'type': 'paragraph', 'content': 'Additionally, the service binds to all network interfaces and disables HTTPS by default, increasing exposure. The vulnerability is rated high severity with a CVSS score of 8.1.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized disclosure, modification, and deletion of sensitive data stored by the mcp-memory-service.
- Any malicious website can silently steal all stored memories from the service without requiring credentials.
- Attackers can modify or delete stored memories remotely, potentially causing data loss or corruption.
- Because the service binds to all interfaces and disables HTTPS by default, attackers on the same network can directly access the API, increasing risk.
- Sensitive information such as passwords, API keys, and personal notes can be exposed, leading to further compromise.
The attack is silent and invisible to the victim, making detection difficult.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the mcp-memory-service HTTP server is running with the vulnerable configuration: specifically, if the environment variables MCP_HTTP_ENABLED=true and MCP_ALLOW_ANONYMOUS_ACCESS=true are set, and if the CORS headers include Access-Control-Allow-Origin: * with allow_credentials=true.
To detect the vulnerability on your system or network, you can perform the following checks:
- Use curl or similar tools to send a request to the API endpoint and inspect the CORS headers. For example: curl -i http://<host>:<port>/api/memories
- Look for the presence of the header Access-Control-Allow-Origin: * and Access-Control-Allow-Credentials: true in the response.
- Check environment variables or configuration files for MCP_HTTP_ENABLED=true and MCP_ALLOW_ANONYMOUS_ACCESS=true.
- Scan the network for hosts exposing the mcp-memory-service API on port 8000 (or configured port) bound to 0.0.0.0, which indicates exposure to the entire network.
- Use commands like netstat or ss to verify if the service is listening on all interfaces: netstat -tuln | grep 8000
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': 'Disable anonymous access by setting MCP_ALLOW_ANONYMOUS_ACCESS=false or enabling proper authentication.'}, {'type': 'list_item', 'content': "Replace the wildcard CORS origin setting (allow_origins=['*']) with explicit allowed origins such as http://localhost:8000 and http://127.0.0.1:8000."}, {'type': 'list_item', 'content': 'Set allow_credentials=False unless specific origins are configured.'}, {'type': 'list_item', 'content': 'Avoid binding the HTTP server to all interfaces (0.0.0.0); restrict it to localhost or trusted interfaces.'}, {'type': 'list_item', 'content': 'Enable HTTPS to protect data in transit.'}, {'type': 'list_item', 'content': 'Avoid passing API keys via query parameters to reduce risk of exposure.'}, {'type': 'list_item', 'content': 'Upgrade to version 10.25.1 or later where this vulnerability is patched.'}] [1]