CVE-2026-29787 is a medium-severity security vulnerability in mcp-memory-service (pip), affecting versions < 10.21.0. It is fixed in 10.21.0.
Summary

The /api/health/detailed endpoint returns detailed system information, including OS version, Python version, CPU count, memory totals, disk usage, and the full filesystem path of the database. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (which is required for the HTTP server to function without OAuth or an API key), this endpoint is reachable without authentication. Combined with the default 0.0.0.0 binding, this exposes reconnaissance data to every host on the network.

Details

Vulnerable Code

- health.py:90-101 - system information collection
- health.py:131-132 - database path disclosure

Authentication Bypass Path

The /api/health/detailed endpoint depends on require_read_access, which calls get_current_user. When MCP_ALLOW_ANONYMOUS_ACCESS=true, the auth middleware grants access:

Note: the basic /health endpoint (line 68) has no auth dependency at all and returns version and uptime information unconditionally.

Information Exposed

| Field | Example Value | Reconnaissance Value |
|-------|---------------|----------------------|
| platform | "Linux" | OS fingerprinting |
| platform_version | "#1 SMP PREEMPT_DYNAMIC..." | Kernel version → CVE targeting |
| python_version | "3.12.1" | Python CVE targeting |
| cpu_count | 8 | Resource enumeration |
| memory_total_gb | 32.0 | Infrastructure profiling |
| database_path | "/home/user/.mcp-memory/memories.db" | Username + file path disclosure |
| database_size_mb | 45.2 | Data volume estimation |

Attack Scenario

1. The attacker scans the local network for services on port 8000.
2. They find mcp-memory-service with HTTP enabled and anonymous access allowed.
3. They call GET /api/health/detailed (no credentials needed).
4. They receive the OS version, Python version, full database path (revealing the username), and system resources.
5. They use this information to:
   - target known CVEs for the specific OS/Python version;
   - identify the database file location for potential direct access;
   - profile the system for further attacks.

PoC

Impact

- OS fingerprinting: the exact OS and kernel version enables targeted exploit selection.
- Path disclosure: the database path reveals the username, home directory structure, and file locations.
- Resource enumeration: CPU, memory, and disk figures reveal infrastructure scale.
- Reconnaissance enablement: the combined information significantly reduces attacker effort for follow-up attacks.

Remediation

1. Remove system details from the default health endpoint and return only status, version, and uptime:
2. Do not expose database_path; it leaks the filesystem structure:
3. Add auth to the basic /health endpoint, or limit it to status only (no version):
4. Alternatively, bind to 127.0.0.1 by default instead of 0.0.0.0, which prevents network-based reconnaissance entirely:

Users who need network access can explicitly set MCP_HTTP_HOST=0.0.0.0, making the exposure a conscious opt-in rather than the default.
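The four remediation points above, worked through as an added example (this is not mcp-memory-service's own code and not the fix shipped in 10.21.0): it builds the kind of detailed health payload the advisory lists, reduces it with a recursive allow-list to status, version and uptime, keeps anonymous principals on the reduced view even when they are allowed to reach the route, and defaults the bind address to loopback. The function names, SAFE_PATHS and the payload layout are assumptions made for this illustration.

```python
"""Added example, not mcp-memory-service's own code. Builds the kind of detailed
health payload the advisory describes, reduces it with a recursive allow-list to
status/version/uptime, keeps anonymous principals on the reduced view, and
defaults the bind address to loopback. The function names, SAFE_PATHS and the
payload layout are assumptions made for this illustration."""
import os
import platform
import shutil
import time
from typing import Optional

START = time.monotonic()
VERSION = "0.0.0-example"  # assumed version string

# Dotted key paths with no reconnaissance value; everything else is dropped (assumption).
SAFE_PATHS = frozenset({"status", "version", "uptime_seconds"})


def build_detailed_health(db_path: str) -> dict:
    """The leaky shape: real host facts plus the database path, as the advisory lists."""
    disk = shutil.disk_usage(os.sep)
    size = os.path.getsize(db_path) if os.path.isfile(db_path) else 0
    return {
        "status": "healthy",
        "version": VERSION,
        "uptime_seconds": round(time.monotonic() - START, 1),
        "system": {
            "platform": platform.system(),
            "platform_version": platform.version(),
            "python_version": platform.python_version(),
            "cpu_count": os.cpu_count(),
            "disk_total_gb": round(disk.total / 2 ** 30, 1),
        },
        "storage": {
            "database_path": db_path,
            "database_size_mb": round(size / 2 ** 20, 2),
        },
    }


def redact(payload: dict, allowed=SAFE_PATHS, prefix: str = "") -> dict:
    """Keep only leaves whose dotted path is allow-listed; drop sub-dicts left empty."""
    out = {}
    for key, value in payload.items():
        path = prefix + key
        if isinstance(value, dict):
            sub = redact(value, allowed, path + ".")
            if sub:
                out[key] = sub
        elif path in allowed:
            out[key] = value
    return out


def health_for(principal: Optional[str], db_path: str) -> dict:
    """Detailed view only for an authenticated principal; an anonymous caller
    (principal None) gets the redacted payload even when
    MCP_ALLOW_ANONYMOUS_ACCESS lets it reach the route."""
    full = build_detailed_health(db_path)
    return full if principal else redact(full)


def basic_health() -> dict:
    """Unauthenticated /health: liveness only, no version string to fingerprint."""
    return {"status": "healthy"}


def resolve_bind_host(env: dict) -> str:
    """Loopback unless the operator opts in to network exposure via MCP_HTTP_HOST."""
    return env.get("MCP_HTTP_HOST", "127.0.0.1")


if __name__ == "__main__":
    import json
    print(json.dumps(health_for(None, "/home/user/.mcp-memory/memories.db"), indent=2))
    print(resolve_bind_host(dict(os.environ)))
```

The allow-list is deliberately positive: a new field added to the payload later is hidden from anonymous callers by default rather than leaked until someone remembers to deny it.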
CVE-2026-29787 has a CVSS score of 5.3 (Medium). The attack vector is network-reachable and requires no privileges and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.
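One way to check that exposure for a deployment you run, as an added example (not code from the advisory or from mcp-memory-service): analyze_detailed() inspects a detailed-health body, classifying each field by the reconnaissance value the advisory's table assigns it and recovering the username a home-directory database_path discloses; audit() fetches the two endpoints named in the advisory without credentials and applies the same checks. The sample body is constructed, and the function names and the wording of the SENSITIVE map are assumptions.

```python
"""Added example, not from the advisory or from mcp-memory-service. Audits an
instance for anonymous health disclosure: analyze_detailed() is pure and works
on a captured JSON body (a constructed sample is embedded below); audit() fetches
/api/health/detailed and /health without credentials. Field names follow the
advisory's table; function names and the sample values are assumptions."""
import json
import re
import sys
import urllib.error
import urllib.request
from typing import Optional

# Leaked field -> what it tells an attacker (categories from the advisory's table).
SENSITIVE = {
    "platform": "OS fingerprinting",
    "platform_version": "kernel version -> CVE targeting",
    "python_version": "Python CVE targeting",
    "cpu_count": "resource enumeration",
    "memory_total_gb": "infrastructure profiling",
    "database_path": "username + file path disclosure",
    "database_size_mb": "data volume estimation",
}

# Constructed sample of a detailed health body (not a real capture).
SAMPLE_DETAILED = {
    "status": "healthy",
    "version": "10.20.0",
    "uptime_seconds": 4242.0,
    "system": {
        "platform": "Linux",
        "platform_version": "#1 SMP PREEMPT_DYNAMIC ...",
        "python_version": "3.12.1",
        "cpu_count": 8,
        "memory_total_gb": 32.0,
    },
    "storage": {
        "database_path": "/home/user/.mcp-memory/memories.db",
        "database_size_mb": 45.2,
    },
}


def _leaves(obj: dict):
    """Yield (key, value) for every leaf of a nested JSON object."""
    for key, value in obj.items():
        if isinstance(value, dict):
            yield from _leaves(value)
        else:
            yield key, value


def classify(body: dict) -> dict:
    """Return {leaked_field: reconnaissance value} for the sensitive fields present."""
    return {k: SENSITIVE[k] for k, _ in _leaves(body) if k in SENSITIVE}


def infer_username(path: str) -> Optional[str]:
    """Recover the account name a home-directory path discloses (Linux or macOS layout)."""
    m = re.match(r"^(?:/home|/Users)/([^/]+)/", path)
    return m.group(1) if m else None


def analyze_detailed(body: dict) -> list:
    """Findings as (endpoint, finding, detail) for a detailed-health body."""
    findings = []
    leaked = classify(body)
    if leaked:
        findings.append(("/api/health/detailed", "reconnaissance fields readable", leaked))
    path = next((v for k, v in _leaves(body) if k == "database_path"), None)
    user = infer_username(path) if isinstance(path, str) else None
    if user:
        findings.append(("/api/health/detailed", "username disclosed via database_path", user))
    return findings


def fetch_json(url: str, timeout: float = 5.0):
    """Unauthenticated GET; returns (status, body), with status None when unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, None
    except (urllib.error.URLError, ValueError):
        return None, None


def audit(base_url: str) -> list:
    """Probe both endpoints the advisory names with no credentials at all."""
    base = base_url.rstrip("/")
    findings = []
    code, body = fetch_json(base + "/api/health/detailed")
    if code == 200 and isinstance(body, dict):
        findings.extend(analyze_detailed(body))
    code, body = fetch_json(base + "/health")
    if code == 200 and isinstance(body, dict) and "version" in body:
        findings.append(("/health", "version disclosed without auth", body["version"]))
    return findings


if __name__ == "__main__":
    # Usage: python audit_health.py http://host:8000 (offline: analyzes the sample)
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else analyze_detailed(SAMPLE_DETAILED)
    for endpoint, what, detail in results:
        print(f"{endpoint}: {what}: {detail}")
```

A 401 or 403 from /api/health/detailed means anonymous access is off and the detailed view is not the concern; an empty result from /health after the upgrade is what the status-only remediation looks like from the outside.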
A fixed version is available (10.21.0). Upgrading removes the vulnerable code path.
Affected (pip): mcp-memory-service < 10.21.0. Fixed in: mcp-memory-service 10.21.0.

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.
Kodem's runtime-powered SCA identifies whether CVE-2026-29787 is reachable in your applications. Explore AI application security for your team.
Already deployed Kodem? See CVE-2026-29787 in your environment.

Upgrade mcp-memory-service to 10.21.0 or later to resolve this vulnerability.
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
mcp-memory-service (pip) versions < 10.21.0 are affected.
Yes. CVE-2026-29787 is fixed in 10.21.0. Upgrade to this version or later.