The vulnerability identified as CVE-2026-33010 affects the doobidoo mcp-memory-service, an open-source memory backend designed for multi-agent systems. Prior to version 10.25.1, when the HTTP server feature is enabled (MCP_HTTP_ENABLED=true), the service configures FastAPI's CORSMiddleware with overly permissive settings: allow_origins=['*'], allow_credentials=True, allow_methods=['*'], and allow_headers=['*']. This configuration results in the Access-Control-Allow-Origin header being set to '*', which permits any external website to perform cross-origin requests and read API responses. When combined with the setting MCP_ALLOW_ANONYMOUS_ACCESS=true, which disables authentication to simplify dashboard access, any malicious website can silently perform cross-origin requests to the mcp-memory-service API without credentials. This allows attackers to read, modify, or delete all stored memories managed by the service. The vulnerability stems from CWE-942, which concerns permissive cross-domain policies that trust untrusted domains. The CVSS v3.1 base score is 8.1 (high), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality and integrity but no impact on availability. The vulnerability has been publicly disclosed and patched in version 10.25.1, but no known exploits in the wild have been reported yet.

This vulnerability can have severe consequences for organizations using the mcp-memory-service in multi-agent systems. Attackers can exploit the permissive CORS policy combined with anonymous access to exfiltrate sensitive memory data, potentially exposing confidential information. Furthermore, attackers can modify or delete stored memories, disrupting system operations, corrupting data integrity, and causing denial of service to dependent applications. Since the vulnerability requires no authentication, any user visiting a malicious website can trigger exploitation, increasing the attack surface significantly. Organizations relying on this service for critical memory storage in multi-agent environments risk data breaches, operational disruptions, and loss of trust. The impact is especially critical in sectors where memory data contains sensitive or proprietary information, such as defense, finance, or healthcare.

The primary mitigation is to upgrade the mcp-memory-service to version 10.25.1 or later, where the permissive CORS configuration and anonymous access issue have been addressed. Until upgrading, organizations should disable the HTTP server feature if not required (MCP_HTTP_ENABLED=false) or disable anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=false) to enforce authentication. Additionally, configure CORS policies to restrict allowed origins to trusted domains only, avoiding the use of wildcard '*' in allow_origins. Implement strict access controls and monitor API usage for suspicious cross-origin requests. Employ network-level protections such as web application firewalls (WAFs) to detect and block unauthorized API calls. Conduct regular security audits of configuration settings and educate users about the risks of visiting untrusted websites while connected to vulnerable services.