Skills2026-03-21 · source-backed
Audit mcp-memory-service for CVE-2026-33010.
Story
Check if MCP_ALLOW_ANONYMOUS_ACCESS=true is set in any deployment. Update to version 10.25.1. Disable CORS wildcards on any HTTP-exposed MCP endpoint. Source
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic
CVE-2026-33010: Any Website Can Read and Delete Your Agent's Memories
Both cover CVE, HTTP, MCP; cite the same source (Source); overlapping topics (audit, cors, deployment, mcp-memory-service, mcp_allow_anonymous_access).
Shared entities / What happened next / Tension
MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth
Both cover Audit, CVE, HTTP, MCP; picks up the Audit thread on 2026-03-23; pushes against this story (against).
Shared entities / What happened next
MCPJam and nginx-ui Ship 9.8 RCE Bugs
Both cover Check, CVE, HTTP, MCP; picks up the Check thread on 2026-07-01.
OX Security found a systemic RCE baked into Anthropic's official MCP SDKs, every language
Both cover Check, HTTP, MCP, Update; picks up the Check thread on 2026-06-15.
Shared entities / Shared topic
Inventory your shadow MCP servers.
Both cover Audit, Check, MCP; overlapping topics (audit, check, cors, deployment).
Shared entities / Shared topic / What happened next
LiteLLM discloses command injection via Anthropic's MCP SDK STDIO transport.
Both cover CVE, MCP, Update; overlapping topics (audit, endpoint); picks up the CVE thread on 2026-05-11.
Shared entities / Same source domain / Shared topic / Earlier coverage
CVE-2026-26118: Azure MCP Server SSRF Steals Managed Identity Tokens.
Both cover CVE, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (audit, deployment).
Shared entity: CVE / Same source / Shared topic / What happened next
CVE-2026-33010: High-Severity Vulnerability in mcp-memory-service
Both cover CVE; cite the same source (Source); overlapping topics (cve-2026-33010, mcp-memory-service).
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — Saturday, March 21, 2026
- AI generated
- no
- Story unit
- 2026-03-21-audit-mcp-memory-service-for-cve-2026-33010
- Labels
- source-backed, canonical briefing excerpt