PT-2026-26179 · Unknown · Mcp-Memory-Service

Yotampe-Pluto · Published 2026-03-07 · Updated 2026-03-27 · CVE-2026-33010

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mcp-memory-service versions prior to 10.25.1

Description

mcp-memory-service is an open-source memory backend for multi-agent systems. When the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true), any malicious website can silently read, modify, and delete all stored memories.

The vulnerability is compounded by binding to all interfaces (HTTP_HOST = '0.0.0.0'), the lack of TLS (HTTPS_ENABLED = 'false'), and the use of an API key passed as a query parameter, which is cached in browser history and server logs. The issue allows complete cross-origin memory access, memory tampering, and silent exfiltration of data.

The attack works by a malicious webpage sending a fetch request to the API endpoint without any credentials. The server responds with the Access-Control-Allow-Origin: * header, which allows the browser to expose the response to the attacker's JavaScript.

Recommendations

Versions prior to 10.25.1: Replace the wildcard default for MCP_CORS_ORIGINS with an explicit localhost origin. For example, set CORS_ORIGINS = 'http://localhost:8000,http://127.0.0.1:8000'. Also, set allow_credentials=False unless specific origins are configured.
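The recommendation above, sketched as an added example (not mcp-memory-service's own code): it derives the CORSMiddleware arguments from the environment with the localhost default, and models which Access-Control-Allow-Origin value a cross-origin page would receive. The helper names `cors_kwargs`, `acao_header` and `audit` are hypothetical, the header model is simplified, and the sample environments are constructed.

```python
# Added example, not mcp-memory-service code. Standard library only.
# Default origins taken from the advisory's recommendation.
DEFAULT_ORIGINS = "http://localhost:8000,http://127.0.0.1:8000"


def cors_kwargs(env):
    """Build CORSMiddleware keyword arguments from an environment mapping.

    Hypothetical helper: falls back to explicit localhost origins and only
    enables credentials when no wildcard origin is configured.
    """
    raw = env.get("MCP_CORS_ORIGINS") or DEFAULT_ORIGINS
    origins = [o.strip() for o in raw.split(",") if o.strip()]
    wildcard = "*" in origins
    return {
        "allow_origins": ["*"] if wildcard else origins,
        "allow_credentials": not wildcard,
    }


def acao_header(kwargs, request_origin):
    """Simplified model of the Access-Control-Allow-Origin value a browser sees.

    Returns None when the header is omitted, in which case the browser
    refuses to expose the response to the requesting page's script.
    """
    allowed = kwargs["allow_origins"]
    if "*" in allowed:
        return "*"
    return request_origin if request_origin in allowed else None


def audit(env):
    """List the risky combinations named in the advisory for this environment."""
    findings = []
    if "*" in cors_kwargs(env)["allow_origins"]:
        findings.append("wildcard CORS origin")
        if env.get("MCP_ALLOW_ANONYMOUS_ACCESS", "").lower() == "true":
            findings.append("wildcard CORS origin with anonymous access")
    return findings


if __name__ == "__main__":
    # Constructed sample environments.
    vulnerable = {"MCP_CORS_ORIGINS": "*", "MCP_ALLOW_ANONYMOUS_ACCESS": "true"}
    hardened = {}  # no override, so the localhost default applies
    for name, env in (("vulnerable", vulnerable), ("hardened", hardened)):
        print(name, acao_header(cors_kwargs(env), "https://attacker.example"), audit(env))
```

The dictionary returned by `cors_kwargs` can be passed to FastAPI as `app.add_middleware(CORSMiddleware, **cors_kwargs(os.environ))`.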

Related Identifiers

CVE-2026-33010
GHSA-G9RG-8VQ5-MPWM

Affected Products

Mcp-Memory-Service