CVE ID :CVE-2026-49291 Published : June 19, 2026, 5:59 p.m. | 5 hours, 9 minutes ago Description :mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-49291 - mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

VERWANDTEARTIKEL

CVE-2026-56082 - Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC

CVE-2026-56081 - Cap-go - Account Lockout via 2FA Misconfiguration on Unverified Email

CVE-2026-56073 - Cap-go - OTP Bypass via Response Manipulation in Email Verification

CVE-2026-47645 - Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

CVE-2026-48582 - Microsoft Exchange Online Elevation of Privilege Vulnerability

CVE-2026-48584 - Microsoft Azure Synapse Elevation of Privilege Vulnerability