CVE-2026-44830
Received - Intake
BaseFortify

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow_origins=["*"], operators following the Docker setup without explicitly setting API_TOKEN expose the full Knowledge-Graph read/write API to any LAN-reachable client. An attacker on the same network can read, write, or delete all memory entries, including the system://boot and core://* URIs that auto-load into downstream agent sessions, enabling persistent prompt injection. This vulnerability is fixed in 2.4.1.
CVSS Scores: none listed
EPSS Scores: not yet evaluated (N/A)
AI Q&A generated: 2026-05-27
Affected Vendors & Products (1 associated CPE)
Vendor           Product           Version / Range
nocturne_memory  nocturne_memory   2.4.1
(The listed CPE version is the fixed release; per the description, versions prior to 2.4.1 are the affected ones.)
CWE
CWE-306 (Missing Authentication for Critical Function): The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Nocturne Memory versions prior to 2.4.1. When the API_TOKEN is unset or empty, the BearerTokenAuthMiddleware fails to enforce authentication, allowing all HTTP requests to bypass authentication.

The default configuration binds the service to 0.0.0.0, so the API is reachable from every host on the network rather than only from the local machine. The wildcard CORS policy (allow_origins=["*"]) does not restrain direct LAN clients at all (CORS is enforced only by browsers), but it additionally lets a malicious web page loaded in a browser on any of those machines call the API and read its responses, because no credential is required. Either way, any client on the same local network can use the full Knowledge-Graph read/write API without restriction.

An attacker on the same LAN can read, write, or delete all memory entries, including sensitive URIs like system://boot and core://* that automatically load into downstream agent sessions, enabling persistent prompt-injection attacks.

This security issue is fixed in version 2.4.1.


How can this vulnerability impact me?

If you run a vulnerable version of Nocturne Memory without setting the API_TOKEN, an attacker on your local network can fully access and manipulate your memory entries.

  • They can read sensitive data stored in the memory server.
  • They can write or modify memory entries, potentially injecting malicious prompts.
  • They can delete critical memory entries, disrupting system or agent operations.

Such unauthorized access can lead to persistent prompt-injection attacks that affect downstream agent sessions, compromising the integrity and security of your system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the API_TOKEN environment variable is explicitly set to a long, random value (and is not empty) wherever Nocturne Memory runs, including in the Docker Compose or container environment.

Additionally, upgrade Nocturne Memory to version 2.4.1 or later, where this issue is fixed.

Do not rely on the default 0.0.0.0 host binding or the permissive allow_origins=["*"] CORS setting. If only agents on the same machine need the server, bind it to 127.0.0.1 (or publish the container port on the loopback interface only); otherwise restrict reachability with a firewall and replace the wildcard with an explicit list of allowed origins. With the defaults, the API is exposed to any LAN-reachable client, and the bearer token is the only control standing between that client and the memory store.
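The bypass explained under "Can you explain this vulnerability to me?" and the mitigation steps above, as an added example that is not Nocturne Memory's own code. It reconstructs the flawed decision the advisory describes (an unset or empty API_TOKEN switches the check off), shows a fail-closed replacement wrapped in a minimal ASGI middleware, and adds the startup validation an operator would want before the server binds. The class name BearerTokenAuthMiddleware is borrowed from the advisory but its body is this example's; the environment names HOST and CORS_ALLOW_ORIGINS and the 16-character minimum are assumptions, and the requests and environments fed to it are constructed.

```python
import asyncio
import hmac
from typing import Callable, Mapping, Optional

# Illustrative reconstruction of the flawed decision the advisory describes
# (not Nocturne Memory's actual code): an unset or empty API_TOKEN turns the
# check off instead of turning the service off.
def vulnerable_is_authorized(headers: Mapping[str, str], api_token: Optional[str]) -> bool:
    if not api_token:  # API_TOKEN unset or "" -> every request passes
        return True
    return headers.get("authorization", "") == f"Bearer {api_token}"

# Fail-closed replacement: no configured secret means no request is authorized,
# and the comparison is constant-time so response timing cannot leak the token.
def hardened_is_authorized(headers: Mapping[str, str], api_token: Optional[str]) -> bool:
    if not api_token:
        return False
    scheme, _, presented = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    return hmac.compare_digest(presented.encode(), api_token.encode())

class BearerTokenAuthMiddleware:
    """Minimal ASGI middleware (name borrowed from the advisory; body is this
    example's own). `check` is pluggable only so both decisions can be compared."""
    def __init__(self, app, api_token: Optional[str],
                 check: Callable[[Mapping[str, str], Optional[str]], bool] = hardened_is_authorized):
        self.app, self.api_token, self.check = app, api_token, check

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        headers = {k.decode("latin-1").lower(): v.decode("latin-1")
                   for k, v in scope.get("headers", [])}
        if not self.check(headers, self.api_token):
            await send({"type": "http.response.start", "status": 401,
                        "headers": [(b"content-type", b"text/plain"),
                                    (b"www-authenticate", b"Bearer")]})
            await send({"type": "http.response.body", "body": b"unauthorized"})
            return
        await self.app(scope, receive, send)

async def _memory_app(scope, receive, send):
    """Stand-in for the protected Knowledge-Graph API."""
    await send({"type": "http.response.start", "status": 200,
                "headers": [(b"content-type", b"text/plain")]})
    await send({"type": "http.response.body", "body": b"memory entries"})

def simulate(api_token: Optional[str], headers: Mapping[str, str],
             check=hardened_is_authorized) -> int:
    """Drive the middleware with a constructed request and return the HTTP status."""
    scope = {"type": "http", "method": "GET", "path": "/memory",
             "headers": [(k.encode(), v.encode()) for k, v in headers.items()]}
    sent = []
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(message):
        sent.append(message)
    asyncio.run(BearerTokenAuthMiddleware(_memory_app, api_token, check)(scope, receive, send))
    return sent[0]["status"]

def validate_settings(env: Mapping[str, str]) -> list:
    """Startup checks to run before binding: returns the list of problems
    (empty means safe to start). HOST and CORS_ALLOW_ORIGINS are hypothetical
    variable names; API_TOKEN is the one the advisory names."""
    problems = []
    token = env.get("API_TOKEN", "").strip()
    if len(token) < 16:  # 16 is this example's own minimum, not an upstream rule
        problems.append("API_TOKEN is unset, empty or shorter than 16 characters")
    host = env.get("HOST", "0.0.0.0")  # mirrors the advisory's default binding
    origins = [o.strip() for o in env.get("CORS_ALLOW_ORIGINS", "*").split(",") if o.strip()]
    if host == "0.0.0.0" and not token:
        problems.append("binding 0.0.0.0 without API_TOKEN exposes the API to every LAN client")
    if "*" in origins:
        problems.append("CORS_ALLOW_ORIGINS is '*'; list explicit origins instead")
    return problems

if __name__ == "__main__":
    lan_request = {}  # constructed: a LAN client sending no Authorization header at all
    print("vulnerable, no token:", simulate(None, lan_request, vulnerable_is_authorized))
    print("hardened, no token:  ", simulate(None, lan_request))
    print("hardened, good token:", simulate("s3cret-token-0123456789",
          {"Authorization": "Bearer s3cret-token-0123456789"}))
    print(validate_settings({}))  # constructed: the Docker-default environment
```

The two checks differ in exactly one branch: the vulnerable version treats a missing secret as "no policy" and answers 200 to a bare LAN request, the hardened one treats it as "no valid credential" and answers 401. Running validate_settings against the container's environment at startup catches the same misconfiguration before a socket is ever opened.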

