CVE-2026-49291

Description

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST endpoints require `write` scope. Version 10.65.3 patches the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected products

doobidoo / mcp-memory-service< 10.65.3 – < 10.65.3

References

MISChttps://web.archive.org/web/20260508112116/https://github.com/doobidoo/mcp-memory-service/
VENDOR_ADVISORYhttps://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-2r68-g678-7qr3
MISChttps://pypi.org/project/mcp-memory-service/10.65.3