CVE-2026-44830: CWE-306: Missing Authentication for Critical Function in Dataojitori nocturne_memory
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow_origins=["*"], operators following the Docker setup without explicitly setting API_TOKEN expose the full Knowledge-Graph read/write API to any LAN-reachable client. An attacker on the same network can read, write, or delete all memory entries — including system://boot and core://* URIs that auto-load into downstream agent sessions, enabling persistent prompt-injection. This vulnerability is fixed in 2.4.1.
AI Analysis
Technical Summary
Nocturne Memory is a long-term memory server for MCP Agents. Prior to version 2.4.1, if the API_TOKEN is not set or is empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. The default configuration binds the service to 0.0.0.0 and allows all origins via CORS, exposing the full read/write API to any client on the local network. This allows an attacker on the same LAN to manipulate all memory entries, including sensitive system URIs that auto-load into agent sessions, which can lead to persistent prompt injection. The issue is identified as CWE-306 (Missing Authentication for Critical Function) and has a CVSS 4.0 score of 8.7 (high severity). The vulnerability is resolved in nocturne_memory version 2.4.1.
Potential Impact
An attacker on the same local network can bypass authentication and gain full read/write/delete access to the nocturne_memory API. This includes the ability to modify critical system memory entries that affect downstream agent sessions, potentially enabling persistent prompt injection attacks. This compromises the integrity and confidentiality of the memory server data and downstream agent behavior.
Mitigation Recommendations
Upgrade nocturne_memory to version 2.4.1 or later, where this authentication bypass vulnerability is fixed. Until upgraded, ensure that the API_TOKEN environment variable is explicitly set to a strong token to enforce authentication. Review and restrict network exposure by avoiding binding the service to 0.0.0.0 if not necessary and limit CORS origins to trusted domains. Patch status is confirmed fixed in version 2.4.1.
CVE-2026-44830: CWE-306: Missing Authentication for Critical Function in Dataojitori nocturne_memory
Description
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow_origins=["*"], operators following the Docker setup without explicitly setting API_TOKEN expose the full Knowledge-Graph read/write API to any LAN-reachable client. An attacker on the same network can read, write, or delete all memory entries — including system://boot and core://* URIs that auto-load into downstream agent sessions, enabling persistent prompt-injection. This vulnerability is fixed in 2.4.1.
CVSS v4.0
Score 8.7high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Nocturne Memory is a long-term memory server for MCP Agents. Prior to version 2.4.1, if the API_TOKEN is not set or is empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. The default configuration binds the service to 0.0.0.0 and allows all origins via CORS, exposing the full read/write API to any client on the local network. This allows an attacker on the same LAN to manipulate all memory entries, including sensitive system URIs that auto-load into agent sessions, which can lead to persistent prompt injection. The issue is identified as CWE-306 (Missing Authentication for Critical Function) and has a CVSS 4.0 score of 8.7 (high severity). The vulnerability is resolved in nocturne_memory version 2.4.1.
Potential Impact
An attacker on the same local network can bypass authentication and gain full read/write/delete access to the nocturne_memory API. This includes the ability to modify critical system memory entries that affect downstream agent sessions, potentially enabling persistent prompt injection attacks. This compromises the integrity and confidentiality of the memory server data and downstream agent behavior.
Mitigation Recommendations
Upgrade nocturne_memory to version 2.4.1 or later, where this authentication bypass vulnerability is fixed. Until upgraded, ensure that the API_TOKEN environment variable is explicitly set to a strong token to enforce authentication. Review and restrict network exposure by avoiding binding the service to 0.0.0.0 if not necessary and limit CORS origins to trusted domains. Patch status is confirmed fixed in version 2.4.1.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-07T21:21:48.351Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a170b54e29bf47b50c905fc
Added to database: 5/27/2026, 3:18:44 PM
Last enriched: 5/27/2026, 3:49:07 PM
Last updated: 5/29/2026, 1:05:43 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.