GHSA-G9RG-8VQ5-MPWM: Cross-Origin Memory Theft and Information Disclosure in mcp-memory-service
Vulnerability ID: GHSA-G9RG-8VQ5-MPWM
CVSS Score: 8.1
Published: 2026-03-07
The mcp-memory-service package prior to version 10.25.1 contains a high-severity vulnerability chaining a permissive Cross-Origin Resource Sharing (CORS) policy with an information disclosure flaw. This combination allows malicious websites to extract sensitive AI context, including soft-deleted memory items, from developers running the service locally.
TL;DR
A permissive CORS policy in mcp-memory-service < 10.25.1 allows malicious websites to query the local API and extract sensitive AI agent memory data, including soft-deleted items via a flawed search endpoint.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-942, CWE-200
- Attack Vector: Network (via Browser)
- CVSS Score: 8.1
- Impact: Information Disclosure
- Exploit Status: Proof-of-Concept
- User Interaction: Required
Affected Systems
- mcp-memory-service (PyPI)
- AI agent pipelines utilizing MCP integrations
- Local developer environments
- mcp-memory-service: < 10.25.1 (Fixed in: 10.25.1)
Mitigation Strategies
- Upgrade mcp-memory-service to version 10.25.1
- Configure strict CORS origins (localhost only)
- Enforce local firewall rules to restrict port access
- Monitor browser-initiated local network traffic for anomalies
Remediation Steps:
- Identify all local instances running mcp-memory-service.
- Terminate the active service processes.
- Update the package environment using: pip install --upgrade "mcp-memory-service>=10.25.1"
- Restart the service and inspect HTTP response headers to verify the wildcard CORS directive is removed.
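One way to carry out the header check in the last remediation step, as an added example (not code from the advisory or from the mcp-memory-service project). The URL is passed on the command line because the page does not state the service's port or paths; `untrusted.example` is a constructed origin, and the check also flags a reflected or `null` origin, which goes beyond the wildcard case described here.

```python
"""Check a local service's CORS response headers after upgrading."""
import sys
import urllib.error
import urllib.request

# Constructed origin standing in for an arbitrary external website.
FOREIGN_ORIGIN = "https://untrusted.example"


def cors_findings(headers, probe_origin=FOREIGN_ORIGIN):
    """Return the problems found in the CORS headers sent back to probe_origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        # No CORS grant at all: browsers block cross-origin reads of the response.
        return []
    if acao == "*":
        return ["wildcard Access-Control-Allow-Origin"]
    if acao == probe_origin:
        return ["foreign Origin reflected in Access-Control-Allow-Origin"]
    if acao == "null":
        return ["'null' origin allowed in Access-Control-Allow-Origin"]
    # Any other value is a fixed origin, e.g. an explicit localhost allow-list entry.
    return []


def probe(url, origin=FOREIGN_ORIGIN, timeout=5):
    """Send one GET carrying a foreign Origin header and evaluate the response."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return cors_findings(dict(resp.headers.items()), origin)
    except urllib.error.HTTPError as err:
        # Error responses can carry CORS headers too, so evaluate them as well.
        return cors_findings(dict(err.headers.items()), origin)


if __name__ == "__main__":
    # Usage: python check_cors.py <URL of your local mcp-memory-service instance>
    problems = probe(sys.argv[1])
    for problem in problems:
        print("FAIL:", problem)
    if not problems:
        print("OK: no permissive CORS grant for a foreign origin")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means the response still grants cross-origin read access to an origin that should not have it.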