CVSS 8.1 HIGH Vulnerability

CVE-2026-49291: mcp-memory-service: OAuth read-only clients can write and delete memories through MCP too…


CVSS Score: 8.1 | Severity: HIGH | CISA KEV: No | Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-49291
Vendor: pip
Affected Product: mcp-memory-service
Vulnerability Type: Vulnerability
CVSS Score: 8.1 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary

The HTTP MCP JSON-RPC endpoint at /mcp requires only the OAuth read scope for every request and then dispatches tools/call directly to the tool handlers, which include mutating tools. A read-only OAuth client can therefore call store_memory and delete_memory through MCP, even though the corresponding REST endpoints require the write scope.

Technical Details

src/mcp_memory_service/web/api/mcp.py declares mcp_endpoint with user: AuthenticationResult = Depends(require_read_access). For tools/call, it extracts the requested tool name and arguments, then calls handle_tool_call(storage, tool_name, arguments) without passing the authenticated user or checking a per-tool required scope. The MCP tool registry includes both read tools and write tools. In the same handler file, store_memory creat
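The dispatch pattern described above, reduced to a self-contained illustration (added here; not code from mcp-memory-service): the vulnerable endpoint applies a single read-scope gate and forwards any tools/call to the handler, while the hardened variant consults a per-tool scope registry before dispatch. The tool names and read/write scopes come from the advisory; the registry layout, function names, error strings and sample request are assumptions made for this example.

```python
# Added illustration of the authorization gap described in this advisory; it is not code
# from mcp-memory-service. Tool names and the read/write scopes come from the advisory text;
# the registry layout, function names and error strings are assumptions made for the example.
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthenticationResult:
    client_id: str
    scopes: frozenset

# Constructed tool registry: each tool declares the minimum OAuth scope it needs, so
# mutating tools can be told apart from read tools at dispatch time.
TOOL_SCOPES = {"retrieve_memory": "read", "store_memory": "write", "delete_memory": "write"}

def handle_tool_call(tool_name, arguments):
    # Stand-in for the real handler: only records that the call reached it.
    return {"tool": tool_name, "arguments": arguments, "executed": True}

def _tools_call_params(request):
    params = request.get("params", {})
    return params.get("name"), params.get("arguments", {})

def mcp_endpoint_vulnerable(user, request):
    """Mirrors the flaw: one read-scope gate at the endpoint, then dispatch to any tool."""
    if "read" not in user.scopes:  # the endpoint-wide require_read_access dependency
        return {"error": "insufficient_scope"}
    if request.get("method") != "tools/call":
        return {"error": "method_not_supported"}
    tool, args = _tools_call_params(request)
    return handle_tool_call(tool, args)  # never asks which scope this tool needs

def mcp_endpoint_fixed(user, request):
    """Same entry gate, plus a per-tool scope check before the handler runs."""
    if "read" not in user.scopes:
        return {"error": "insufficient_scope"}
    if request.get("method") != "tools/call":
        return {"error": "method_not_supported"}
    tool, args = _tools_call_params(request)
    needed = TOOL_SCOPES.get(tool)
    if needed is None:
        return {"error": "unknown_tool"}
    if needed not in user.scopes:
        return {"error": "insufficient_scope"}  # write tool, read-only client: denied
    return handle_tool_call(tool, args)

# Constructed sample: a read-only OAuth client asking the MCP endpoint to delete a memory.
READ_ONLY = AuthenticationResult("reporting-bot", frozenset({"read"}))
DELETE_REQ = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
              "params": {"name": "delete_memory", "arguments": {"target": "<placeholder>"}}}
```

Run against DELETE_REQ, the vulnerable endpoint executes delete_memory for the read-only client, while the fixed endpoint refuses it with insufficient_scope and still serves retrieve_memory.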


