Skip to main content

mcp-memory-service EUVDEUVD-2026-38058

| CVE-2026-49291 HIGH
Missing Authorization (CWE-862)
2026-06-19 GitHub_M GHSA-2r68-g678-7qr3
8.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
8.1 HIGH

Network-reachable HTTP endpoint, trivial JSON-RPC call (AC:L), requires a low-privileged read-scope OAuth token (PR:L), no user interaction; impact is write/delete of memories so I:H and A:H, no new confidentiality disclosure (C:N).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jun 19, 2026 - 21:02 EUVD
Analysis Generated
Jun 19, 2026 - 19:00 vuln.today

DescriptionCVE.org

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call store_memory and delete_memory through MCP even though the corresponding REST endpoints require write scope. Version 10.65.3 patches the issue.

AnalysisAI

Authorization bypass in doobidoo mcp-memory-service prior to 10.65.3 lets OAuth clients with only the read scope invoke mutating MCP tools such as store_memory and delete_memory via the /mcp JSON-RPC endpoint, despite the equivalent REST endpoints correctly enforcing the write scope. Authenticated read-only clients can therefore tamper with or destroy memory entries used by downstream AI applications. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain read-scope OAuth token
Delivery
Reach /mcp JSON-RPC endpoint over network
Exploit
Send tools/call for delete_memory or store_memory
Execution
Scope check passes on read only
Persist
Handler executes mutating operation
Impact
Memory store tampered or wiped

Vulnerability AssessmentAI

Exploitation Requires a valid OAuth access token bearing the read scope for the target mcp-memory-service instance and network reachability to the HTTP /mcp JSON-RPC endpoint; the instance must be running a vulnerable version prior to 10.65.3 with the MCP HTTP interface enabled (it is the affected code path, distinct from the REST API). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (8.1 High) accurately reflects a network-reachable, low-complexity bypass that requires a low-privileged OAuth token and yields high integrity and availability impact with no confidentiality loss - consistent with an attacker overwriting or deleting memories but not reading new data they could not already access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been legitimately issued an OAuth token with only the read scope - for example a third-party AI agent integration meant to query memories - sends a JSON-RPC tools/call request to /mcp invoking delete_memory or store_memory with attacker-chosen content. Because the endpoint only verifies the read scope, the call succeeds and the attacker can wipe stored memories or poison them with adversarial content that downstream LLM consumers will later retrieve. …
Remediation Vendor-released patch: upgrade mcp-memory-service to 10.65.3 or later via pip (pip install --upgrade mcp-memory-service>=10.65.3), as confirmed by GHSA-2r68-g678-7qr3 and the PyPI release at https://pypi.org/project/mcp-memory-service/10.65.3. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running doobidoo mcp-memory-service versions prior to 10.65.3; audit OAuth token scopes and /mcp endpoint access for read-only credentials. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38058 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy