{"vulnerability": "CVE-2026-50027", "sightings": [{"uuid": "cf4b66c8-1209-4823-a556-4cfc6ccc0def", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50027", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-84hp-mqvj-3p8h", "content": "", "creation_timestamp": "2026-07-02T16:35:08.629460Z"}, {"uuid": "7e19adc4-02a8-4d9f-9d50-a9e619092e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50027", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116853809243699371", "content": "CVE-2026-50027: mcp-memory-service (&lt;10.67.1) has a CRITICAL auth bypass in /api/documents/* \ud83d\udea8. Unauthenticated attackers can read, write, delete memory data. Restrict access or disable endpoints until fixed. https://radar.offseq.com/threat/ghsa-84hp-mqvj-3p8h-mcp-memory-service-missing-aut-09a7b270b55ce238 #OffSeq #CVE202650027 #APIsecurity", "creation_timestamp": "2026-07-03T03:00:27.086970Z"}]}