{"vulnerability": "CVE-2026-50027", "sightings": [{"uuid": "cf4b66c8-1209-4823-a556-4cfc6ccc0def", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50027", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-84hp-mqvj-3p8h", "content": "", "creation_timestamp": "2026-07-02T16:35:08.629460Z"}, {"uuid": "7e19adc4-02a8-4d9f-9d50-a9e619092e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50027", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116853809243699371", "content": "CVE-2026-50027: mcp-memory-service (&lt;10.67.1) has a CRITICAL auth bypass in /api/documents/* \ud83d\udea8. Unauthenticated attackers can read, write, delete memory data. Restrict access or disable endpoints until fixed. https://radar.offseq.com/threat/ghsa-84hp-mqvj-3p8h-mcp-memory-service-missing-aut-09a7b270b55ce238 #OffSeq #CVE202650027 #APIsecurity", "creation_timestamp": "2026-07-03T03:00:27.086970Z"}, {"uuid": "0b8deadc-80da-4c83-8d13-b2c2d85c5520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50027", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprj4bhqii2u", "content": "CVE-2026-50027 - mcp-memory-service\nAn attacker can upload, read, or delete sensitive data without a password. This is a security risk because it allows unauthorized access to user memories. To fix this, update the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#pip #CVE #infosec", "creation_timestamp": "2026-07-03T21:40:08.510767Z"}]}