← The Wire

Public story · 2026-03-22 · source-backed

CVE-2026-33010: High-Severity Vulnerability in mcp-memory-service

Confidence
source-backed
Sources
1
Redaction
passed

Story

CVSS 8.1 vulnerability disclosed March 20 in mcp-memory-service, a widely used open-source memory backend for multi-agent systems. Distinct from the Azure MCP SSRF patched earlier this month — core agent infrastructure, not just hosting layers, carries significant unpatched risk. Source

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source / Shared topic / Earlier coverage

    CVE-2026-33010: Any Website Can Read and Delete Your Agent's Memories

    Both cover CVE, CVSS, March; cite the same source (Source); overlapping topics (agent, cvss, mcp-memory-service).

  2. Shared entities / Same source domain / Shared topic / What happened next

    CVE-2026-41329: OpenClaw Sandbox Bypass, CVSS 9.9.

    Both cover CVE, CVSS, March; reported by the same outlet (thehackerwire.com); overlapping topics (cvss, disclosed).

  3. MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10

    Both cover CVE, CVSS; reported by the same outlet (thehackerwire.com); overlapping topics (agent, azure, cvss).

  4. Shared entities / Shared topic / What happened next

    AI-Generated Code CVEs Hit 35 in March. That's 6x January's Count, and the Trend Line Isn't Flattening.

    Both cover CVE, CVSS, March; overlapping topics (agent, vulnerability); picks up the CVE thread on 2026-03-29.

  5. Shared entities / Same source domain / Shared topic / Earlier coverage

    CVE-2026-26118: First MCP Server Infrastructure CVE.

    Both cover CVE, CVSS; reported by the same outlet (thehackerwire.com); overlapping topics (azure, cvss, infrastructure).

  6. Shared entities / Shared topic / Earlier coverage / Tension

    CVE-2026-27482: Ray Dashboard Vulnerability

    Both cover CVE, CVSS; overlapping topics (cvss, disclosed, infrastructure); earlier CVE coverage from 2026-02-21.

  7. Shared entities / Same source domain / Shared topic / Earlier coverage

    CVE-2026-4496: OS Command Injection in Git-MCP-Server

    Both cover CVE, CVSS; reported by the same outlet (thehackerwire.com); overlapping topics (agent, cvss).

  8. CVE-2026-27966: Langflow CSV Agent RCE (CVSS 9.8)

    Both cover CVE, CVSS; reported by the same outlet (thehackerwire.com); overlapping topics (agent, cvss).

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-22-cve-2026-33010-high-severity-vulnerability-in-mcp-memory-service
Labels
source-backed, canonical briefing excerpt