The vulnerability CVE-2026-33010 affects doobidoo's mcp-memory-service, an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with overly permissive settings: allow_origins=['*'], allow_credentials=True, allow_methods=['*'], and allow_headers=['*']. This setup results in the Access-Control-Allow-Origin header being set to '*', which allows any external website to perform cross-origin requests and read API responses. When combined with the configuration MCP_ALLOW_ANONYMOUS_ACCESS=true, which disables authentication to facilitate dashboard access without OAuth, any malicious website can silently access the API without credentials. This enables attackers to read, modify, or delete all stored memories managed by the service. The root cause is a CWE-942: Permissive Cross-domain Policy with Untrusted Domains, which violates the same-origin policy designed to protect web resources. The vulnerability does not require prior authentication but does require the HTTP server to be enabled and anonymous access to be allowed. The issue was patched in version 10.25.1 by tightening CORS policies and presumably restricting anonymous access. Although no exploits have been observed in the wild, the vulnerability has a CVSS 3.1 score of 8.1, reflecting its high impact on confidentiality and integrity, with low attack complexity and no privileges required. This vulnerability poses a significant risk to any deployment exposing the HTTP server with these insecure settings, potentially leading to unauthorized data exposure and manipulation.

The impact of CVE-2026-33010 is substantial for organizations using the affected versions of mcp-memory-service with HTTP enabled and anonymous access allowed. Attackers can exploit this vulnerability to bypass same-origin policy restrictions and gain unauthorized access to sensitive memory data stored by the service. This can lead to complete compromise of data confidentiality and integrity, as attackers can read, modify, or delete stored memories. Such unauthorized access could disrupt multi-agent system operations, corrupt data, or leak sensitive information to external entities. The vulnerability does not affect availability directly but can cause operational disruptions through data manipulation. Given the ease of exploitation—no authentication or special privileges required—and the broad scope of affected systems, organizations face a high risk of data breaches and system misuse. This threat is especially critical for deployments exposed to the internet or untrusted networks where malicious websites can lure users to trigger cross-origin requests. The lack of known exploits in the wild suggests the vulnerability is newly disclosed, but the high CVSS score and straightforward exploitation path necessitate immediate remediation to prevent potential attacks.

To mitigate CVE-2026-33010, organizations should immediately upgrade mcp-memory-service to version 10.25.1 or later, where the vulnerability is patched. If upgrading is not immediately feasible, administrators should disable the HTTP server by setting MCP_HTTP_ENABLED=false to prevent exposure of the vulnerable API. Additionally, disable anonymous access by setting MCP_ALLOW_ANONYMOUS_ACCESS=false to enforce authentication and prevent unauthorized API usage. Review and tighten CORS policies to avoid using wildcard '*' for allow_origins and disallow credentials when origins are not explicitly trusted. Implement strict origin whitelisting to restrict cross-origin requests only to trusted domains. Monitor network traffic and logs for unusual cross-origin requests or unauthorized API access attempts. Employ web application firewalls (WAFs) to detect and block suspicious cross-origin requests targeting the service. Educate developers and administrators about secure CORS configurations and the risks of permissive cross-domain policies. Finally, conduct regular security assessments and penetration tests to verify that no other misconfigurations expose the service to similar risks.