CVE-2026-29787 Overview
CVE-2026-29787 is an Information Disclosure vulnerability affecting mcp-memory-service, an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network.
Critical Impact
Unauthenticated attackers can harvest sensitive system reconnaissance data including OS details, resource configurations, and database paths, enabling targeted follow-up attacks against exposed mcp-memory-service deployments.
Affected Products
- doobidoo mcp-memory-service (versions prior to 10.21.0)
Discovery Timeline
- 2026-03-07 - CVE-2026-29787 published to NVD
- 2026-03-11 - Last updated in NVD database
Technical Details for CVE-2026-29787
Vulnerability Analysis
This vulnerability stems from an insecure endpoint design in mcp-memory-service that exposes sensitive system information without requiring authentication. The /api/health/detailed endpoint was implemented to provide diagnostic information but inadvertently becomes an information disclosure vector when combined with permissive configuration settings.
The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), reflecting its core issue of making sensitive data available to unauthenticated users. The attack can be executed remotely over the network without any user interaction or special privileges, making it accessible to any attacker with network visibility to the service.
Root Cause
The root cause is a combination of two design decisions that create a security gap:
- Verbose Health Endpoint: The /api/health/detailed endpoint returns extensive system metadata including operating system version, Python interpreter version, CPU count, total memory, disk usage statistics, and critically, the full filesystem path to the database.
- Authentication Bypass by Design: When MCP_ALLOW_ANONYMOUS_ACCESS=true is configured—a setting required for the HTTP server to operate without OAuth or API key authentication—all endpoints including the detailed health endpoint become accessible without credentials.
- Permissive Network Binding: The default binding to 0.0.0.0 exposes the service to all network interfaces rather than restricting it to localhost, amplifying the exposure when combined with anonymous access.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker with network access to the mcp-memory-service can directly query the /api/health/detailed endpoint to retrieve system reconnaissance data. This information can be leveraged for:
- Targeted Exploitation: OS and Python version information helps attackers identify applicable exploits
- Infrastructure Mapping: CPU count and memory information reveals deployment scale
- Attack Planning: Database path exposure could facilitate subsequent file inclusion or path traversal attacks
- Privilege Escalation Preparation: Understanding system resources assists in crafting resource exhaustion or other targeted attacks
The vulnerability is exploited by simply sending an HTTP GET request to the vulnerable endpoint when the service is running with anonymous access enabled.
Detection Methods for CVE-2026-29787
Indicators of Compromise
- Unexpected or repeated HTTP requests to the /api/health/detailed endpoint from external IP addresses
- Access logs showing queries to health endpoints from untrusted network sources
- Reconnaissance patterns where /api/health/detailed queries precede other attack attempts
- High-frequency automated probing of health check endpoints
Detection Strategies
- Monitor HTTP access logs for requests to /api/health/detailed from non-internal sources
- Implement network-level monitoring to detect external access attempts to mcp-memory-service ports
- Configure web application firewalls to alert on sensitive endpoint access from unauthenticated sessions
- Deploy intrusion detection rules targeting reconnaissance patterns against health check endpoints
Monitoring Recommendations
- Enable verbose logging for the mcp-memory-service and centralize logs for analysis
- Create alerts for any access to the /api/health/detailed endpoint from outside trusted network ranges
- Implement rate limiting on health endpoints to detect and slow automated reconnaissance
- Regularly audit network exposure of mcp-memory-service instances to identify misconfigured deployments
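The log-monitoring strategy above can be sketched as follows. This is an added example, not code from mcp-memory-service or the advisory: it flags requests to /api/health/detailed from sources outside trusted ranges and records what each source requested afterwards. The access-log format (uvicorn style, IPv4 only), the trusted ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: trusted ranges are illustrative; replace with your internal networks.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
ENDPOINT = "/api/health/detailed"
# Assumed log shape: INFO:  <ip>:<port> - "<METHOD> <path> HTTP/1.1" <status> <reason>
LINE_RE = re.compile(
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ - '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_untrusted_health_probes(lines):
    """Map each untrusted source IP to its hits on ENDPOINT and later requests."""
    findings = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # e.g. an octet above 255
            continue
        if any(ip in net for net in TRUSTED_NETS):
            continue
        # Normalise: drop the query string and any trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/") or "/"
        src = str(ip)
        if path == ENDPOINT:
            rec = findings.setdefault(src, {"hits": 0, "served": 0, "followed_by": []})
            rec["hits"] += 1
            rec["served"] += m["status"] == "200"  # data was actually returned
        elif src in findings:
            # Requests after a probe show what the source went on to touch.
            findings[src]["followed_by"].append(path)
    return findings

# Constructed sample log lines (not taken from a real deployment).
SAMPLE_LOG = """\
INFO:     10.0.4.12:40112 - "GET /api/health/detailed HTTP/1.1" 200 OK
INFO:     203.0.113.7:51234 - "GET /api/health HTTP/1.1" 200 OK
INFO:     203.0.113.7:51236 - "GET /api/health/detailed HTTP/1.1" 200 OK
INFO:     203.0.113.7:51240 - "GET /api/memories?page=1 HTTP/1.1" 200 OK
INFO:     198.51.100.23:33870 - "GET /api/health/detailed/ HTTP/1.1" 401 Unauthorized
""".splitlines()

if __name__ == "__main__":
    for src, rec in find_untrusted_health_probes(SAMPLE_LOG).items():
        print(src, rec)
```

A non-zero `served` count means the endpoint answered an untrusted source with status 200, which is the case to alert on first.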
How to Mitigate CVE-2026-29787
Immediate Actions Required
- Upgrade mcp-memory-service to version 10.21.0 or later immediately
- Audit current deployments for MCP_ALLOW_ANONYMOUS_ACCESS=true configuration
- Restrict network binding from 0.0.0.0 to localhost (127.0.0.1) or specific internal interfaces
- Implement network-level access controls (firewall rules, security groups) to limit access to trusted sources only
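The audit steps above can be automated across an inventory. The following is an added example, not part of the advisory or the project: it checks each instance for the three conditions that combine into the exposure (version below 10.21.0, MCP_ALLOW_ANONYMOUS_ACCESS=true, non-loopback binding). The inventory records, the way the bind address is obtained, and the treatment of "true" as the only enabling value are assumptions.

```python
import ipaddress
import re

FIXED_VERSION = (10, 21, 0)  # first patched release named in the advisory

def audit_deployment(version, env, bind_host):
    """Return the findings for one instance and whether all three conditions hold."""
    findings = []
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    patched = m is not None and tuple(int(p) for p in m.groups()) >= FIXED_VERSION
    if m is None:
        findings.append("version-unknown")  # treated as unpatched below
    elif not patched:
        findings.append("unpatched")
    # Assumption: the flag is enabled by the literal value "true" (any case).
    anonymous = env.get("MCP_ALLOW_ANONYMOUS_ACCESS", "").strip().lower() == "true"
    if anonymous:
        findings.append("anonymous-access")
    try:
        addr = ipaddress.ip_address(bind_host)
        loopback = addr.is_loopback
        if addr.is_unspecified:  # 0.0.0.0 or ::
            findings.append("all-interfaces")
        elif not loopback:
            findings.append("non-loopback-bind")
    except ValueError:  # a hostname rather than an IP literal
        loopback = bind_host == "localhost"
        if not loopback:
            findings.append("bind-unknown")
    exposed = (not patched) and anonymous and not loopback
    return {"findings": findings, "exposed": exposed}

# Constructed inventory: (name, version, environment, bind address).
SAMPLE_INVENTORY = [
    ("agent-mem-a", "10.20.3", {"MCP_ALLOW_ANONYMOUS_ACCESS": "true"}, "0.0.0.0"),
    ("agent-mem-b", "10.21.0", {"MCP_ALLOW_ANONYMOUS_ACCESS": "true"}, "0.0.0.0"),
    ("agent-mem-c", "10.19.0", {"MCP_ALLOW_ANONYMOUS_ACCESS": "false"}, "127.0.0.1"),
]

def exposed_instances(inventory):
    """Names of instances where every exposure condition is met."""
    return [name for name, ver, env, host in inventory
            if audit_deployment(ver, env, host)["exposed"]]

if __name__ == "__main__":
    for name, ver, env, host in SAMPLE_INVENTORY:
        print(name, audit_deployment(ver, env, host))
```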
Patch Information
The vulnerability has been patched in mcp-memory-service version 10.21.0. The fix is available via GitHub Commit 18f4323ca92763196aa2922f691dfbeb6bd84e48. Organizations should upgrade to the patched version and review the GitHub Security Advisory GHSA-73hc-m4hx-79pj for complete remediation guidance.
Workarounds
- Disable anonymous access by removing or setting MCP_ALLOW_ANONYMOUS_ACCESS=false and implementing proper OAuth or API key authentication
- Change the network binding configuration from 0.0.0.0 to 127.0.0.1 to limit exposure to localhost only
- Deploy the service behind a reverse proxy with authentication requirements for all endpoints
- Use network segmentation and firewall rules to restrict access to the mcp-memory-service to trusted internal networks only
```bash
# Configuration example - Restrict network binding and disable anonymous access
# Set environment variables before starting mcp-memory-service
# (confirm the bind-address variable name against the configuration reference
# for your installed version)
export MCP_ALLOW_ANONYMOUS_ACCESS=false
export MCP_BIND_ADDRESS=127.0.0.1
# Alternatively, use firewall rules to restrict access
# Example: Allow only internal network access to service port
# (replace 8080 with the port the service actually listens on)
iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
```

