← The Wire

Skills2026-03-21 · source-backed

Audit mcp-memory-service for CVE-2026-33010.

Confidence
source-backed
Sources
1
Redaction
passed

Story

Check if MCP_ALLOW_ANONYMOUS_ACCESS=true is set in any deployment. Update to version 10.25.1. Disable CORS wildcards on any HTTP-exposed MCP endpoint. Source

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source / Shared topic

    CVE-2026-33010: Any Website Can Read and Delete Your Agent's Memories

    Both cover CVE, HTTP, MCP; cite the same source (Source); overlapping topics (audit, cors, deployment, mcp-memory-service, mcp_allow_anonymous_access).

  2. Shared entities / What happened next / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover Audit, CVE, HTTP, MCP; picks up the Audit thread on 2026-03-23; pushes against this story (against).

  3. Shared entities / What happened next

    MCPJam and nginx-ui Ship 9.8 RCE Bugs

    Both cover Check, CVE, HTTP, MCP; picks up the Check thread on 2026-07-01.

  4. OX Security found a systemic RCE baked into Anthropic's official MCP SDKs, every language

    Both cover Check, HTTP, MCP, Update; picks up the Check thread on 2026-06-15.

  5. Shared entities / Shared topic

    Inventory your shadow MCP servers.

    Both cover Audit, Check, MCP; overlapping topics (audit, check, cors, deployment).

  6. Shared entities / Shared topic / What happened next

    LiteLLM discloses command injection via Anthropic's MCP SDK STDIO transport.

    Both cover CVE, MCP, Update; overlapping topics (audit, endpoint); picks up the CVE thread on 2026-05-11.

  7. Shared entities / Same source domain / Shared topic / Earlier coverage

    CVE-2026-26118: Azure MCP Server SSRF Steals Managed Identity Tokens.

    Both cover CVE, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (audit, deployment).

  8. Shared entity: CVE / Same source / Shared topic / What happened next

    CVE-2026-33010: High-Severity Vulnerability in mcp-memory-service

    Both cover CVE; cite the same source (Source); overlapping topics (cve-2026-33010, mcp-memory-service).

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-21-audit-mcp-memory-service-for-cve-2026-33010
Labels
source-backed, canonical briefing excerpt