The vulnerability CVE-2026-29787 affects doobidoo's open-source mcp-memory-service, a memory backend used in multi-agent systems. Prior to version 10.21.0, the service exposes a REST API endpoint, /api/health/detailed, which returns extensive system information including operating system version, Python runtime version, CPU core count, total memory, disk usage statistics, and the full filesystem path of the database. This endpoint is intended for health monitoring but inadvertently leaks sensitive reconnaissance data. The issue is exacerbated when the environment variable MCP_ALLOW_ANONYMOUS_ACCESS=true is set, a configuration required for the HTTP server to operate without OAuth or API key authentication. Under this setting, the endpoint is accessible without any authentication or authorization. Additionally, the service binds by default to 0.0.0.0, making it reachable from any host on the network. This combination allows any network user to query the endpoint and gather detailed system information that could facilitate further targeted attacks or lateral movement. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The CVSS v3.1 base score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and limited confidentiality impact without integrity or availability effects. No known exploits have been reported in the wild as of the publication date. The vendor addressed the issue in version 10.21.0 by presumably restricting access or sanitizing the information returned. Organizations running versions earlier than 10.21.0 with anonymous access enabled are at risk of sensitive information disclosure.

This vulnerability primarily impacts confidentiality by exposing detailed system information to unauthorized actors on the network. Attackers can leverage this reconnaissance data to identify system configurations, software versions, and filesystem layouts, which can aid in crafting targeted exploits or lateral movement strategies. While it does not directly compromise system integrity or availability, the information leakage increases the attack surface and risk of subsequent attacks. Organizations with exposed instances may face increased risk of intrusion attempts, especially if combined with other vulnerabilities. The exposure is particularly critical in environments where the service is accessible from untrusted networks or the internet. Sensitive infrastructure details could also reveal operational practices or system architecture, potentially impacting organizational security posture and compliance requirements. However, the absence of known active exploits and the medium CVSS score indicate a moderate risk level if mitigated promptly.

1. Upgrade all instances of mcp-memory-service to version 10.21.0 or later, where the vulnerability is patched. 2. Avoid setting MCP_ALLOW_ANONYMOUS_ACCESS=true unless absolutely necessary. If anonymous access is required, restrict network exposure by binding the service to localhost or internal IP addresses rather than 0.0.0.0. 3. Implement network segmentation and firewall rules to limit access to the mcp-memory-service API endpoints only to trusted hosts and management networks. 4. Use authentication mechanisms such as OAuth or API keys to protect sensitive endpoints and disable anonymous access wherever possible. 5. Regularly audit and monitor API endpoints for unauthorized access attempts and unusual query patterns. 6. Sanitize or limit the amount of system information returned by health or diagnostic endpoints to the minimum necessary for operational monitoring. 7. Incorporate this vulnerability into vulnerability management and patching workflows to ensure timely updates. 8. Educate system administrators about the risks of exposing detailed system information and the importance of secure configuration.