CVE-2026-33010
Published: 20 March 2026
Summary
CVE-2026-33010 is a high-severity Permissive Cross-domain Security Policy with Untrusted Domains (CWE-942) vulnerability in Doobidoo Mcp-Memory-Service. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 3.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of identified flaws, such as patching to version 10.25.1 which fixes the permissive CORS configuration in mcp-memory-service.
Mandates secure baseline configuration settings for FastAPI CORSMiddleware to restrict origins, credentials, methods, and headers, directly preventing unauthorized cross-origin access.
Limits and authorizes specific actions without identification or authentication, mitigating broad anonymous access that enables malicious sites to read, modify, or delete memories.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CORS misconfiguration with anonymous access enables browser-based cross-origin attacks from a malicious site (drive-by compromise) to read local memory data and perform manipulation/deletion on the backend store.
NVD Description
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to…
more
read API responses cross-origin. When combined with anonymous access (MCP_ALLOW_ANONYMOUS_ACCESS=true) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are needed, so any malicious website can silently read, modify, and delete all stored memories. This issue has been patched in version 10.25.1.
Deeper analysisAI
CVE-2026-33010 is a cross-origin resource sharing (CORS) misconfiguration vulnerability in mcp-memory-service, an open-source memory backend for multi-agent systems. In versions prior to 10.25.1, when the HTTP server is enabled via MCP_HTTP_ENABLED=true, the application sets FastAPI's CORSMiddleware with overly permissive settings: allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. This allows any website to perform cross-origin requests to the API. The vulnerability is rated 8.1 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) and is associated with CWE-942.
An attacker can exploit this by hosting a malicious website that a target user visits. If the victim's mcp-memory-service instance also has anonymous access enabled (MCP_ALLOW_ANONYMOUS_ACCESS=true), which is a common setup for the HTTP dashboard without OAuth, the malicious site can silently send cross-origin requests to the service. No credentials are required, enabling the attacker to read, modify, or delete all stored memories in the backend.
The vulnerability has been patched in mcp-memory-service version 10.25.1. Additional details on the fix and remediation are available in the GitHub security advisory at https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-g9rg-8vq5-mpwm.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp