CVE-2026-33010: mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

March 7, 2026 (updated March 20, 2026)

When the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI’s CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories.

References

github.com/advisories/GHSA-g9rg-8vq5-mpwm
github.com/doobidoo/mcp-memory-service
github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm
nvd.nist.gov/vuln/detail/CVE-2026-33010

Code Behaviors & Features

Detect and mitigate CVE-2026-33010 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →