HIGH
Dataojitori
CVE published 2026-05-27
CVE-2026-44830
A critical authentication bypass vulnerability in Nocturne Memory, a Long-Term Memory Server for MCP Agents, allows unauthenticated network attackers to fully compromise memory data when deployed with default Docker configurations. The vulnerability stems from BearerTokenAuthMiddleware failing to enforce authentication when API_TOKEN is unset or empty, combined with permissive default network bindings (0. [truncated]