Vulnerability-Lookup

CVE-2026-29787 (GCVE-0-2026-29787)

Vulnerability from cvelistv5 – Published: 2026-03-07 15:34 – Updated: 2026-03-09 18:26

Title

mcp-memory-service: System Information Disclosure via Health Endpoint

Summary

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

URL

Tags

	https://github.com/doobidoo/mcp-memory-service/se…	x_refsource_CONFIRM
	https://github.com/doobidoo/mcp-memory-service/co…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	doobidoo	mcp-memory-service	Affected: < 10.21.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-29787",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T18:19:36.897424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T18:26:27.568Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mcp-memory-service",
          "vendor": "doobidoo",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 10.21.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-07T15:34:46.277Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj"
        },
        {
          "name": "https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48"
        }
      ],
      "source": {
        "advisory": "GHSA-73hc-m4hx-79pj",
        "discovery": "UNKNOWN"
      },
      "title": "mcp-memory-service: System Information Disclosure via Health Endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-29787",
    "datePublished": "2026-03-07T15:34:46.277Z",
    "dateReserved": "2026-03-04T16:26:02.899Z",
    "dateUpdated": "2026-03-09T18:26:27.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-29787\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-07T16:15:55.743\",\"lastModified\":\"2026-03-11T20:39:21.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0.\"},{\"lang\":\"es\",\"value\":\"mcp-memory-service es un backend de memoria de c\u00f3digo abierto para sistemas multiagente. Antes de la versi\u00f3n 10.21.0, el endpoint /API/health/detailed devuelve informaci\u00f3n detallada del sistema, incluyendo la versi\u00f3n del SO, la versi\u00f3n de Python, el n\u00famero de CPU, los totales de memoria, el uso del disco y la ruta completa del sistema de archivos de la base de datos. Cuando se establece MCP_ALLOW_ANONYMOUS_ACCESS=true (requerido para que el servidor HTTP funcione sin OAuth/clave API), este endpoint es accesible sin autenticaci\u00f3n. Combinado con el enlace predeterminado 0.0.0.0, esto expone datos sensibles de reconocimiento a toda la red. Este problema ha sido parcheado en la versi\u00f3n 10.21.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.21.0\",\"matchCriteriaId\":\"100791F9-95CC-437C-B5FE-02E465917998\"}]}]}],\"references\":[{\"url\":\"https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-29787\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-09T18:19:36.897424Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-09T18:19:38.654Z\"}}], \"cna\": {\"title\": \"mcp-memory-service: System Information Disclosure via Health Endpoint\", \"source\": {\"advisory\": \"GHSA-73hc-m4hx-79pj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"doobidoo\", \"product\": \"mcp-memory-service\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 10.21.0\"}]}], \"references\": [{\"url\": \"https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj\", \"name\": \"https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48\", \"name\": \"https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-07T15:34:46.277Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-29787\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-09T18:26:27.568Z\", \"dateReserved\": \"2026-03-04T16:26:02.899Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-07T15:34:46.277Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-73HC-M4HX-79PJ

Vulnerability from github – Published: 2026-03-05 21:42 – Updated: 2026-03-09 15:50

Summary

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

Details

Summary

The /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network.

Details

Vulnerable Code

health.py:90-101 - System information collection

system_info = {
    "platform": platform.system(),              # e.g., "Linux", "Darwin"
    "platform_version": platform.version(),     # Full OS kernel version string
    "python_version": platform.python_version(),# e.g., "3.12.1"
    "cpu_count": psutil.cpu_count(),            # CPU core count
    "memory_total_gb": round(memory_info.total / (1024**3), 2),
    "memory_available_gb": round(memory_info.available / (1024**3), 2),
    "memory_percent": memory_info.percent,
    "disk_total_gb": round(disk_info.total / (1024**3), 2),
    "disk_free_gb": round(disk_info.free / (1024**3), 2),
    "disk_percent": round((disk_info.used / disk_info.total) * 100, 2)
}

health.py:131-132 - Database path disclosure

if hasattr(storage, 'db_path'):
    storage_info["database_path"] = storage.db_path  # Full filesystem path

Authentication Bypass Path

The /api/health/detailed endpoint uses require_read_access which calls get_current_user. When MCP_ALLOW_ANONYMOUS_ACCESS=true, the auth middleware grants access:

# middleware.py:372-379
if ALLOW_ANONYMOUS_ACCESS:
    logger.debug("Anonymous access explicitly enabled, granting read-only access")
    return AuthenticationResult(
        authenticated=True,
        client_id="anonymous",
        scope="read",
        auth_method="none"
    )

Note: The basic /health endpoint (line 68) has no auth dependency at all and returns version and uptime information unconditionally.

Information Exposed

Field	Example Value	Reconnaissance Value
`platform`	`"Linux"`	OS fingerprinting
`platform_version`	`"#1 SMP PREEMPT_DYNAMIC..."`	Kernel version → CVE targeting
`python_version`	`"3.12.1"`	Python CVE targeting
`cpu_count`	`8`	Resource enumeration
`memory_total_gb`	`32.0`	Infrastructure profiling
`database_path`	`"/home/user/.mcp-memory/memories.db"`	Username + file path disclosure
`database_size_mb`	`45.2`	Data volume estimation

Attack Scenario

Attacker scans the local network for services on port 8000
Finds mcp-memory-service with HTTP enabled and anonymous access
Calls GET /api/health/detailed (no credentials needed)
Receives OS version, Python version, full database path (revealing username), system resources
Uses this information to:
Target known CVEs for the specific OS/Python version
Identify the database file location for potential direct access
Profile the system for further attacks

PoC

# Show the system info that would be exposed
import platform, psutil

system_info = {
    "platform": platform.system(),
    "platform_version": platform.version(),
    "python_version": platform.python_version(),
    "cpu_count": psutil.cpu_count(),
    "memory_total_gb": round(psutil.virtual_memory().total / (1024**3), 2),
}
print(system_info)  # All of this is returned to unauthenticated users

Impact

OS fingerprinting: Exact OS and kernel version enables targeted exploit selection
Path disclosure: Database path reveals username, home directory structure, and file locations
Resource enumeration: CPU, memory, and disk info reveal infrastructure scale
Reconnaissance enablement: Combined information significantly reduces attacker effort for follow-up attacks

Remediation

Remove system details from default health endpoint - return only status, version, uptime:

@router.get("/health/detailed")
async def detailed_health_check(
    storage: MemoryStorage = Depends(get_storage),
    user: AuthenticationResult = Depends(require_write_access)  # Require admin/write access
):
    # Only return storage stats, not system info
    ...

Do not expose database_path - this leaks the filesystem structure:

# Remove or redact
# storage_info["database_path"] = storage.db_path  # REMOVE THIS

Add auth to basic /health or limit it to status-only (no version):

@router.get("/health")
async def health_check():
    return {"status": "healthy"}  # No version, no uptime

Alternatively, Bind to 127.0.0.1 by default instead of 0.0.0.0, preventing network-based reconnaissance entirely:

# In config.py — change default from '0.0.0.0' to '127.0.0.1'
HTTP_HOST = os.getenv('MCP_HTTP_HOST', '127.0.0.1')

Users who need network access can explicitly set MCP_HTTP_HOST=0.0.0.0, making the exposure a conscious opt-in rather than a default.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mcp-memory-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-29787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-05T21:42:10Z",
    "nvd_published_at": "2026-03-07T16:15:55Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe `/api/health/detailed` endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When `MCP_ALLOW_ANONYMOUS_ACCESS=true` is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default `0.0.0.0` binding, this exposes sensitive reconnaissance data to the entire network.\n\n### Details\n### Vulnerable Code\n\n**`health.py:90-101` - System information collection**\n\n```python\nsystem_info = {\n    \"platform\": platform.system(),              # e.g., \"Linux\", \"Darwin\"\n    \"platform_version\": platform.version(),     # Full OS kernel version string\n    \"python_version\": platform.python_version(),# e.g., \"3.12.1\"\n    \"cpu_count\": psutil.cpu_count(),            # CPU core count\n    \"memory_total_gb\": round(memory_info.total / (1024**3), 2),\n    \"memory_available_gb\": round(memory_info.available / (1024**3), 2),\n    \"memory_percent\": memory_info.percent,\n    \"disk_total_gb\": round(disk_info.total / (1024**3), 2),\n    \"disk_free_gb\": round(disk_info.free / (1024**3), 2),\n    \"disk_percent\": round((disk_info.used / disk_info.total) * 100, 2)\n}\n```\n\n**`health.py:131-132` - Database path disclosure**\n\n```python\nif hasattr(storage, \u0027db_path\u0027):\n    storage_info[\"database_path\"] = storage.db_path  # Full filesystem path\n```\n\n### Authentication Bypass Path\n\nThe `/api/health/detailed` endpoint uses `require_read_access` which calls `get_current_user`. When `MCP_ALLOW_ANONYMOUS_ACCESS=true`, the auth middleware grants access:\n\n```python\n# middleware.py:372-379\nif ALLOW_ANONYMOUS_ACCESS:\n    logger.debug(\"Anonymous access explicitly enabled, granting read-only access\")\n    return AuthenticationResult(\n        authenticated=True,\n        client_id=\"anonymous\",\n        scope=\"read\",\n        auth_method=\"none\"\n    )\n```\n\n**Note**: The basic `/health` endpoint (line 68) has **no auth dependency at all** and returns version and uptime information unconditionally.\n\n### Information Exposed\n\n| Field | Example Value | Reconnaissance Value |\n|-------|--------------|---------------------|\n| `platform` | `\"Linux\"` | OS fingerprinting |\n| `platform_version` | `\"#1 SMP PREEMPT_DYNAMIC...\"` | Kernel version \u2192 CVE targeting |\n| `python_version` | `\"3.12.1\"` | Python CVE targeting |\n| `cpu_count` | `8` | Resource enumeration |\n| `memory_total_gb` | `32.0` | Infrastructure profiling |\n| `database_path` | `\"/home/user/.mcp-memory/memories.db\"` | Username + file path disclosure |\n| `database_size_mb` | `45.2` | Data volume estimation |\n\n### Attack Scenario\n\n1. Attacker scans the local network for services on port 8000\n2. Finds mcp-memory-service with HTTP enabled and anonymous access\n3. Calls `GET /api/health/detailed`  (no credentials needed)\n4. Receives OS version, Python version, full database path (revealing username), system resources\n5. Uses this information to:\n   - Target known CVEs for the specific OS/Python version\n   - Identify the database file location for potential direct access\n   - Profile the system for further attacks\n \n### PoC\n\n```python\n# Show the system info that would be exposed\nimport platform, psutil\n\nsystem_info = {\n    \"platform\": platform.system(),\n    \"platform_version\": platform.version(),\n    \"python_version\": platform.python_version(),\n    \"cpu_count\": psutil.cpu_count(),\n    \"memory_total_gb\": round(psutil.virtual_memory().total / (1024**3), 2),\n}\nprint(system_info)  # All of this is returned to unauthenticated users\n```\n\n### Impact\n- **OS fingerprinting**: Exact OS and kernel version enables targeted exploit selection\n- **Path disclosure**: Database path reveals username, home directory structure, and file locations\n- **Resource enumeration**: CPU, memory, and disk info reveal infrastructure scale\n- **Reconnaissance enablement**: Combined information significantly reduces attacker effort for follow-up attacks\n\n## Remediation\n\n1. **Remove system details from default health endpoint** - return only `status`, `version`, `uptime`:\n\n```python\n@router.get(\"/health/detailed\")\nasync def detailed_health_check(\n    storage: MemoryStorage = Depends(get_storage),\n    user: AuthenticationResult = Depends(require_write_access)  # Require admin/write access\n):\n    # Only return storage stats, not system info\n    ...\n```\n\n2. **Do not expose `database_path`** - this leaks the filesystem structure:\n\n```python\n# Remove or redact\n# storage_info[\"database_path\"] = storage.db_path  # REMOVE THIS\n```\n\n3. **Add auth to basic `/health`** or limit it to status-only (no version):\n\n```python\n@router.get(\"/health\")\nasync def health_check():\n    return {\"status\": \"healthy\"}  # No version, no uptime\n```\nAlternatively, **Bind to `127.0.0.1` by default** instead of `0.0.0.0`, preventing network-based reconnaissance entirely:\n\n```python\n# In config.py \u2014 change default from \u00270.0.0.0\u0027 to \u0027127.0.0.1\u0027\nHTTP_HOST = os.getenv(\u0027MCP_HTTP_HOST\u0027, \u0027127.0.0.1\u0027)\n```\n\nUsers who need network access can explicitly set `MCP_HTTP_HOST=0.0.0.0`, making the exposure a conscious opt-in rather than a default.",
  "id": "GHSA-73hc-m4hx-79pj",
  "modified": "2026-03-09T15:50:08Z",
  "published": "2026-03-05T21:42:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29787"
    },
    {
      "type": "WEB",
      "url": "https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/doobidoo/mcp-memory-service"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint"
}

FKIE_CVE-2026-29787

Vulnerability from fkie_nvd - Published: 2026-03-07 16:15 - Updated: 2026-03-11 20:39

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48	Patch
	security-advisories@github.com	https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	doobidoo	mcp-memory-service	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "100791F9-95CC-437C-B5FE-02E465917998",
              "versionEndExcluding": "10.21.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default 0.0.0.0 binding, this exposes sensitive reconnaissance data to the entire network. This issue has been patched in version 10.21.0."
    },
    {
      "lang": "es",
      "value": "mcp-memory-service es un backend de memoria de c\u00f3digo abierto para sistemas multiagente. Antes de la versi\u00f3n 10.21.0, el endpoint /API/health/detailed devuelve informaci\u00f3n detallada del sistema, incluyendo la versi\u00f3n del SO, la versi\u00f3n de Python, el n\u00famero de CPU, los totales de memoria, el uso del disco y la ruta completa del sistema de archivos de la base de datos. Cuando se establece MCP_ALLOW_ANONYMOUS_ACCESS=true (requerido para que el servidor HTTP funcione sin OAuth/clave API), este endpoint es accesible sin autenticaci\u00f3n. Combinado con el enlace predeterminado 0.0.0.0, esto expone datos sensibles de reconocimiento a toda la red. Este problema ha sido parcheado en la versi\u00f3n 10.21.0."
    }
  ],
  "id": "CVE-2026-29787",
  "lastModified": "2026-03-11T20:39:21.507",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-07T16:15:55.743",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/doobidoo/mcp-memory-service/commit/18f4323ca92763196aa2922f691dfbeb6bd84e48"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-73hc-m4hx-79pj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-29787 (GCVE-0-2026-29787)

GHSA-73HC-M4HX-79PJ

Summary

Details

Vulnerable Code

Authentication Bypass Path

Information Exposed

Attack Scenario

PoC

Impact

Remediation

FKIE_CVE-2026-29787

Tags

Sightings

Nomenclature