A vulnerability was found in doobidoo mcp-memory-service up to 10.65.2 . It has been declared as problematic . Impacted is an unknown function of the component HTTP MCP JSON-RPC Endpoint . Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-49291 . The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.