CVE-2026-33010
Received Received - Intake
CORS Misconfiguration in mcp-memory-service Allows Unauthorized Data Access

Publication date: 2026-03-20

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33010
EUVD
EUVD-2026-13766
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
doobidoo mcp-memory-service to 10.25.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-942 The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "The vulnerability in mcp-memory-service (prior to version 10.25.1) arises from a misconfiguration of Cross-Origin Resource Sharing (CORS) settings combined with anonymous access. Specifically, when the HTTP server is enabled, the service uses FastAPI's CORSMiddleware with a wildcard origin ('*'), allowing any website to access the API responses cross-origin."}, {'type': 'paragraph', 'content': "Because anonymous access is enabled by default, no credentials are required to access the API. This means a malicious website can silently read, modify, or delete all stored memories by issuing cross-origin requests from a victim's browser without their knowledge."}, {'type': 'paragraph', 'content': 'The attack works by a victim visiting a malicious website, which then uses JavaScript to fetch data from the vulnerable service running locally or on the network. The permissive CORS settings allow the malicious script to bypass browser security and access sensitive data such as passwords, API keys, and personal notes.'}, {'type': 'paragraph', 'content': 'Additionally, the service binds to all network interfaces and disables HTTPS by default, increasing exposure. The vulnerability is rated high severity with a CVSS score of 8.1.'}] [1]

Impact Analysis

This vulnerability can have serious impacts including unauthorized disclosure, modification, and deletion of sensitive data stored by the mcp-memory-service.

  • Any malicious website can silently steal all stored memories from the service without requiring credentials.
  • Attackers can modify or delete stored memories remotely, potentially causing data loss or corruption.
  • Because the service binds to all interfaces and disables HTTPS by default, attackers on the same network can directly access the API, increasing risk.
  • Sensitive information such as passwords, API keys, and personal notes can be exposed, leading to further compromise.

The attack is silent and invisible to the victim, making detection difficult.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the mcp-memory-service HTTP server is running with the vulnerable configuration: specifically, if the environment variables MCP_HTTP_ENABLED=true and MCP_ALLOW_ANONYMOUS_ACCESS=true are set, and if the CORS headers include Access-Control-Allow-Origin: * with allow_credentials=true.

To detect the vulnerability on your system or network, you can perform the following checks:

  • Use curl or similar tools to send a request to the API endpoint and inspect the CORS headers. For example: curl -i http://<host>:<port>/api/memories
  • Look for the presence of the header Access-Control-Allow-Origin: * and Access-Control-Allow-Credentials: true in the response.
  • Check environment variables or configuration files for MCP_HTTP_ENABLED=true and MCP_ALLOW_ANONYMOUS_ACCESS=true.
  • Scan the network for hosts exposing the mcp-memory-service API on port 8000 (or configured port) bound to 0.0.0.0, which indicates exposure to the entire network.
  • Use commands like netstat or ss to verify if the service is listening on all interfaces: netstat -tuln | grep 8000
Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': 'Disable anonymous access by setting MCP_ALLOW_ANONYMOUS_ACCESS=false or enabling proper authentication.'}, {'type': 'list_item', 'content': "Replace the wildcard CORS origin setting (allow_origins=['*']) with explicit allowed origins such as http://localhost:8000 and http://127.0.0.1:8000."}, {'type': 'list_item', 'content': 'Set allow_credentials=False unless specific origins are configured.'}, {'type': 'list_item', 'content': 'Avoid binding the HTTP server to all interfaces (0.0.0.0); restrict it to localhost or trusted interfaces.'}, {'type': 'list_item', 'content': 'Enable HTTPS to protect data in transit.'}, {'type': 'list_item', 'content': 'Avoid passing API keys via query parameters to reduce risk of exposure.'}, {'type': 'list_item', 'content': 'Upgrade to version 10.25.1 or later where this vulnerability is patched.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33010. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart