PT-2026-23609 · Unknown · Mcp-Memory-Service
Yotampe-Pluto · Published 2026-03-05 · Updated 2026-05-11
CVE-2026-29787
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
mcp-memory-service versions prior to 10.21.0
Description
The /api/health/detailed endpoint in mcp-memory-service exposes sensitive system information: OS platform and version, Python version, CPU count, total memory, disk usage, and the full filesystem path of the database. The exposure occurs when MCP_ALLOW_ANONYMOUS_ACCESS is enabled, which the HTTP server requires in order to run without authentication. Combined with the default 0.0.0.0 binding, this makes the information available without credentials to any host that can reach the service. The data supports OS fingerprinting, path disclosure, resource enumeration, and general reconnaissance, and can be used to prepare targeted attacks.

The vulnerable code is in health.py: lines 90-101 collect the system information and lines 131-132 disclose the database path. The authentication bypass arises because the require_read_access function calls get_current_user, which grants access whenever MCP_ALLOW_ANONYMOUS_ACCESS is true, so an unauthenticated request satisfies the read-access check. The exposed fields are platform, platform_version, python_version, cpu_count, memory_total_gb, database_path, and database_size_mb.

An attacker who can reach the service on the network can discover it, request /api/health/detailed without credentials, and use the response to match the host against known vulnerabilities or otherwise profile it for follow-on attacks.
Recommendations
Upgrade to 10.21.0 or later. Deployments that must keep running a version prior to 10.21.0 should apply the following mitigations:
Remove system details from the default health endpoint, returning only status, version, and uptime.
Do not expose the database path, so that the filesystem layout is not disclosed.
Add authentication to the basic /health endpoint, or limit it to status-only information.
Bind the service to 127.0.0.1 by default so that it is not reachable for network-based reconnaissance.
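The access gate and the two response shapes described above, as an added example in Python that is not code from mcp-memory-service: it models a read-access gate that lets anonymous callers through when MCP_ALLOW_ANONYMOUS_ACCESS is set, builds the pre-fix and the recommended health responses, and includes a checker that reports which of the advisory's sensitive fields a captured response body carries, plus a check for the wildcard bind. The function names, the API key value, the memory and database-size constants, and the database path are assumptions for illustration; the project's own FastAPI routing and credential handling are not reproduced.

```python
import os
import platform
import sys

# Fields the advisory lists as exposed by /api/health/detailed.
SENSITIVE_FIELDS = frozenset({
    "platform", "platform_version", "python_version", "cpu_count",
    "memory_total_gb", "database_path", "database_size_mb",
})

# Assumed API key for the illustration; the real service's credentials are not modelled.
EXPECTED_API_KEY = "example-key"
# Assumed database location; a constructed value, not the project's default.
EXAMPLE_DB_PATH = "/home/svc/.local/share/mcp-memory/sqlite_vec.db"


class Unauthorized(Exception):
    """Raised when a caller has neither a valid key nor anonymous access."""


def anonymous_access_allowed(env):
    """Mirror of the flag named in the advisory: MCP_ALLOW_ANONYMOUS_ACCESS=true
    lets unauthenticated callers through the read-access gate."""
    return env.get("MCP_ALLOW_ANONYMOUS_ACCESS", "false").lower() in ("1", "true", "yes")


def get_current_user(api_key, env):
    """Resolve the caller. With the flag set, a request carrying no key still
    receives a user record, which is the behaviour the advisory describes."""
    if api_key is not None and api_key == EXPECTED_API_KEY:
        return {"name": "api-key-user", "anonymous": False}
    if anonymous_access_allowed(env):
        return {"name": "anonymous", "anonymous": True}
    raise Unauthorized("no valid credentials and anonymous access is disabled")


def require_read_access(api_key, env):
    """Read gate: whatever get_current_user returns is allowed through,
    including the anonymous record, so the gate alone does not protect the endpoint."""
    return get_current_user(api_key, env)


def collect_system_info(db_path):
    """System details of the kind the advisory says the endpoint collects.
    Memory and database size are constructed constants so this runs anywhere."""
    return {
        "platform": platform.system(),
        "platform_version": platform.version(),
        "python_version": sys.version.split()[0],
        "cpu_count": os.cpu_count(),
        "memory_total_gb": 16.0,       # constructed value
        "database_path": db_path,
        "database_size_mb": 12.5,      # constructed value
    }


def detailed_health_vulnerable(api_key, env, db_path=EXAMPLE_DB_PATH, uptime_seconds=0):
    """Pre-fix shape: read gate only, then the full system block including the path."""
    require_read_access(api_key, env)
    return {
        "status": "healthy",
        "version": "10.20.0",
        "uptime_seconds": uptime_seconds,
        "system": collect_system_info(db_path),
    }


def detailed_health_hardened(api_key, env, db_path=EXAMPLE_DB_PATH, uptime_seconds=0):
    """Recommended shape: anonymous callers get status, version and uptime only;
    authenticated callers get system details with the filesystem path removed."""
    user = require_read_access(api_key, env)
    body = {"status": "healthy", "version": "10.21.0", "uptime_seconds": uptime_seconds}
    if user["anonymous"]:
        return body
    info = collect_system_info(db_path)
    del info["database_path"]
    body["system"] = info
    return body


def find_leaked_fields(body):
    """Walk a parsed health response and return, sorted, the sensitive keys it
    carries at any nesting depth. Useful against a captured response body."""
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in SENSITIVE_FIELDS:
                    found.add(key)
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(body)
    return sorted(found)


def bind_is_network_exposed(host):
    """True for the wildcard binds that make the endpoint reachable from the whole network."""
    return host.strip() in ("0.0.0.0", "::", "[::]")


if __name__ == "__main__":
    anon_env = {"MCP_ALLOW_ANONYMOUS_ACCESS": "true"}
    print("vulnerable, no credentials:", find_leaked_fields(detailed_health_vulnerable(None, anon_env)))
    print("hardened, no credentials:  ", find_leaked_fields(detailed_health_hardened(None, anon_env)))
    print("0.0.0.0 network-exposed:   ", bind_is_network_exposed("0.0.0.0"))
```

Running the block with no credentials against the pre-fix shape lists all seven advisory fields, while the hardened shape returns only status, version and uptime; with a valid key the hardened shape still omits database_path. The same find_leaked_fields check can be pointed at a JSON body captured from a real deployment to confirm whether the upgrade or mitigation took effect.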
Weakness Enumeration
Information Disclosure
Related Identifiers
CVE-2026-29787
Affected Products
Mcp-Memory-Service