CVE-2026-49291: CWE-862: Missing Authorization in doobidoo mcp-memory-service
mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST endpoints require `write` scope. Version 10.65.3 patches the issue.
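The description above boils down to a scope check that ignores which tool a `tools/call` request names. The following is an added example, not code from mcp-memory-service, showing that weak check beside a per-tool scope gate; only `read`/`write`, `store_memory` and `delete_memory` come from the advisory, the other tool names, the method list and the batch handling are assumptions for the illustration.

```python
import json

# Scope each MCP tool requires. Only `read`/`write`, `store_memory` and
# `delete_memory` come from the advisory; the other tool names are assumed.
TOOL_SCOPES = {
    "retrieve_memory": "read",
    "search_by_tag": "read",
    "store_memory": "write",
    "delete_memory": "write",
}

def vulnerable_check(token_scopes, request):
    """Pre-10.65.3 behaviour as the advisory describes it: the /mcp endpoint
    only verifies `read` scope, whatever tool the tools/call names."""
    return "read" in token_scopes

def tool_name(request):
    """Tool named by a tools/call request, or None if params is not an object."""
    params = request.get("params")
    return params.get("name") if isinstance(params, dict) else None

def required_scope(request):
    """Scope one JSON-RPC request needs. Unknown methods and unknown tools
    fall back to `write`, so a newly added mutating tool is never exposed
    to read-only clients by default."""
    method = request.get("method")
    if method in ("initialize", "ping", "tools/list"):
        return "read"
    if method == "tools/call":
        return TOOL_SCOPES.get(tool_name(request), "write")
    return "write"

def authorize(token_scopes, body):
    """Hardened check: every request in the body (single or batch) must be
    covered by the token's scopes. Returns (allowed, reason)."""
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError:
        return False, "malformed JSON-RPC body"
    requests = parsed if isinstance(parsed, list) else [parsed]
    for req in requests:
        if not isinstance(req, dict):
            return False, "malformed JSON-RPC request"
        need = required_scope(req)
        if need not in token_scopes:
            tool = tool_name(req) or "-"
            return False, f"{req.get('method')} {tool} requires scope {need!r}"
    return True, "ok"
```

The check is evaluated before dispatch, so a batch containing one mutating call is rejected as a whole rather than partially applied.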
AI Analysis
Technical Summary
CVE-2026-49291 is a missing authorization vulnerability (CWE-862) in doobidoo's mcp-memory-service before version 10.65.3. The service's /mcp JSON-RPC endpoint accepts requests with only OAuth read scope but dispatches calls to handlers that perform state-changing operations, including store_memory and delete_memory. This allows an attacker with read-only OAuth credentials to perform unauthorized modifications. The vulnerability is fixed in version 10.65.3.
Potential Impact
An attacker with OAuth read scope can perform unauthorized mutating operations on the mcp-memory-service, such as storing or deleting memory entries. This leads to integrity and availability impacts, as indicated by the CVSS vector (Integrity: High, Availability: High). Confidentiality is not impacted. The vulnerability could allow unauthorized data manipulation within the AI semantic memory layer.
Mitigation Recommendations
Upgrade to mcp-memory-service version 10.65.3 or later, where this authorization issue is fixed. The advisory indicates no other mitigation; its description confirms that version 10.65.3 patches the issue.
CVSS v3.1
Score: 8.1 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-28T20:07:58.862Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a358c5cf198dc38c1f2fbb0
Added to database: 6/19/2026, 6:37:16 PM
Last enriched: 6/19/2026, 6:51:05 PM
Last updated: 6/19/2026, 9:53:33 PM