Listen to this Post
The vulnerability in CVE-2026-29787 resides within the mcp-memory-service, an open-source memory backend for multi-agent systems . Prior to version 10.21.0, the `/api/health/detailed` endpoint was designed to return verbose system health data for debugging or monitoring purposes . This data includes highly sensitive reconnaissance information such as the host operating system version, the Python environment version, the number of CPU cores, total memory and disk usage, and critically, the full filesystem path to the database . The flaw is exacerbated by two configuration factors. First, the service requires the `MCP_ALLOW_ANONYMOUS_ACCESS=true` environment variable to be set for the HTTP server to operate without OAuth or an API key, which is a common deployment scenario . Second, the service binds to `0.0.0.0` by default, making it accessible to any reachable network interface . When these conditions are met, the `/api/health/detailed` endpoint becomes completely unauthenticated, effectively broadcasting a detailed blueprint of the server’s internal state and infrastructure to any user or scanner on the network. This information leak (CWE-200) allows an attacker to perform precise reconnaissance without any prior access or interaction, facilitating further targeted attacks . The issue has been addressed and patched by the vendor in version 10.21.0 .
dailycve form:
Platform: mcp-memory-service
Version: <10.21.0
Vulnerability: Sensitive Info Disclosure
Severity: 5.3 MEDIUM
date: 2026-03-07
Prediction: Patch already released
What Undercode Say:
Analytics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Exploit:
Check if the vulnerable endpoint exposes system information
Target a server running mcp-memory-service < 10.21.0 with MCP_ALLOW_ANONYMOUS_ACCESS=true
curl -X GET http://<target-ip>:<port>/api/health/detailed
Example of what an attacker might see (truncated):
{
"os_version": "Linux 5.15.0-91-generic",
"python_version": "3.10.12",
"cpu_count": 8,
"memory_total": "32.4 GB",
"disk_usage": {...},
"database_path": "/var/lib/mcp-memory/data.db"
}
Basic version check to identify vulnerable instances (if version endpoint exists)
curl -X GET http://<target-ip>:<port>/api/version
Protection from this CVE:
- Upgrade: Immediately update `mcp-memory-service` to version 10.21.0 or later .
- Network Segmentation: If immediate patching is not possible, restrict network access to the service’s port using firewall rules, allowing connections only from trusted IPs.
- Disable Anonymous Access: Where possible, configure proper authentication mechanisms (OAuth/API key) instead of setting
MCP_ALLOW_ANONYMOUS_ACCESS=true. - Bind to Localhost: As a temporary mitigation, configure the service to bind only to `127.0.0.1` instead of
0.0.0.0, ensuring only local processes can access the endpoint.
Impact:
Successful exploitation allows an unauthenticated, remote attacker to gain critical intelligence about the target system. This information leakage (OS, Python versions, hardware specs, disk paths) significantly aids in planning subsequent attacks, such as exploiting version-specific vulnerabilities, understanding the infrastructure layout, or locating sensitive data files based on the exposed database path.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

