GitLab Advisory — mcp-memory-service info disclosure (CVE-2026-29787)
AI relevance: MCP memory services are deployed alongside agents; exposing host OS, resources, and DB paths makes it easier to target toolchains that store agent memory or secrets.
- CVE-2026-29787 affects mcp-memory-service when anonymous access is enabled.
- The /api/health/detailed endpoint exposes OS version, Python version, CPU count, memory totals, disk usage, and database filesystem paths.
- The advisory notes that MCP_ALLOW_ANONYMOUS_ACCESS=true is required for HTTP server operation without OAuth/API keys.
- Combined with the default 0.0.0.0 binding, the endpoint can leak reconnaissance data to the entire network.
- The GitHub advisory and fix commit document remediation steps and code changes.
Why it matters
- Recon data accelerates follow‑on attacks against MCP stacks that store embeddings, prompts, or secrets.
- Agent deployments often run on shared infra; leaked filesystem paths and resource profiles help attackers tune payloads.
- “Health” endpoints are frequently overlooked, yet become a low‑effort entry point for adversaries.
What to do
- Patch: upgrade to the fixed release referenced in the advisory/commit.
- Disable anonymous access: require OAuth/API keys for MCP memory service endpoints.
- Restrict exposure: bind to localhost or a private network segment and add firewall rules.
- Audit health endpoints: ensure diagnostics don’t leak host or secret metadata.
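An added example for the "Audit health endpoints" step (not code from the advisory or the mcp-memory-service project): it walks a health-response JSON body you have saved from your own deployment and flags fields in the categories the advisory lists. The key-name hints and the sample response are constructed assumptions, not the service's real field names.

```python
import json
import re

# Key-name hints per leak category. Categories follow the advisory's list;
# the hint words are assumptions, not the service's actual field names.
KEY_HINTS = {
    "os": {"os", "platform", "kernel"},
    "runtime": {"python"},
    "cpu": {"cpu"},
    "memory": {"memory", "mem"},
    "disk": {"disk"},
}
# A value that looks like an absolute POSIX or Windows filesystem path.
PATH_VALUE = re.compile(r"^(/[^/\s]+/|[A-Za-z]:\\)")

# Constructed sample body for illustration only.
SAMPLE = json.loads("""{
  "status": "healthy",
  "version": "0.0.0",
  "system": {"platform": "Linux", "python_version": "3.12.1", "cpu_count": 8,
             "memory_total_gb": 32, "disk_usage_percent": 41.5},
  "storage": {"backend": "sqlite", "database_path": "/var/lib/example/memory.db"}
}""")


def _categories(path, value):
    # Match on every word in the JSON path so nested keys inherit context.
    tokens = set(re.split(r"[^a-z0-9]+", path.lower()))
    found = {cat for cat, hints in KEY_HINTS.items() if tokens & hints}
    if isinstance(value, str) and PATH_VALUE.match(value):
        found.add("filesystem_path")
    return found


def audit_health_body(node, path=""):
    """Return sorted (json_path, category) pairs for leaky leaf fields."""
    if isinstance(node, dict):
        children = [(f"{path}.{k}" if path else k, v) for k, v in node.items()]
    elif isinstance(node, list):
        children = [(f"{path}[{i}]", v) for i, v in enumerate(node)]
    else:
        return sorted((path, c) for c in _categories(path, node))
    findings = []
    for child_path, value in children:
        findings += audit_health_body(value, child_path)
    return sorted(findings)


if __name__ == "__main__":
    for json_path, category in audit_health_body(SAMPLE):
        print(f"{category:16} {json_path}")
```

An unauthenticated health response should produce no findings; anything flagged belongs behind authentication or out of the response entirely.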