CVE-2026-44830: Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow_origins=["*"], operators following the Docker setup without explicitly setting API_TOKEN expose the full Knowledge-Graph read/write API to any LAN-reachable client. An attacker on the same network can read, write, or delete all memory entries — including system://boot and core://* URIs that auto-load into downstream agent sessions, enabling persistent prompt-injection. This vulnerability is fixed in 2.4.1.
HarborGuard Analysis
Synopsis
An authentication bypass affects Nocturne Memory, a Long-Term Memory Server for MCP Agents. When the API_TOKEN environment variable is unset or left empty, the BearerTokenAuthMiddleware skips all credential checks, and the service binds to 0.0.0.0 with wildcard CORS by default, making the full Knowledge-Graph API reachable to any client on the same network segment without credentials. A successful attacker can read, overwrite, or delete all memory entries, including boot-time URIs that auto-load into connected agent sessions, enabling persistent prompt-injection. HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as a fix version is published upstream.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that package nocturne_memory. Any image containing a vulnerable version of Dataojitori/nocturne_memory is flagged automatically in both registry scans and CI pipeline checks.
Status: Available
HarborGuard surfaces this CVE with its CVSS v4.0 score of 8.7 (HIGH) and weights it against each environment's compliance policy to determine urgency and routing. Findings are delivered to the inbox or ticket queue configured for the relevant team inside each customer organization.
Status: Available
Because no fix version has been published upstream, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available the moment a fixed release appears. In the meantime, customers can apply compensating controls through HarborGuard's policy engine, such as network-policy rules that restrict adjacent-network access to the service port.
Status: Pending upstream
Exploit Conditions
- Network reachability: The attacker must be on the same adjacent network (LAN, VPN, or equivalent segment) as the host running Nocturne Memory; remote internet access is not sufficient on its own.
- Authentication: Not required. No credentials are needed: when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware passes all requests through without any token check.
- Victim interaction: Not required. The attacker sends HTTP requests directly to the API; no user action or social engineering is needed.
- Attack complexity: Exploitation is reliable and condition-free once the attacker is on the adjacent network; no race conditions or special environmental setup are required.
Blast Radius
- Reads all stored memory entries, including sensitive context the agent has accumulated across sessions.
- Writes or overwrites memory entries at system://boot and core://* URIs that auto-load into downstream agent sessions, enabling persistent prompt-injection against every agent that connects.
- Deletes any or all memory entries, permanently destroying the agent's long-term knowledge graph.
- Achieves full confidentiality, integrity, and availability impact over the Knowledge-Graph API with no privileges required.
How HarborGuard Handles This
Available on HarborGuard: this CVE is matched against customer images continuously, and any image packaging a vulnerable version of nocturne_memory is flagged in registry and pipeline scans. Because no upstream fix has been published yet, the auto-remediation rebuild flow is not yet available; HarborGuard will make a patched-image rebuild available automatically the moment version 2.4.1 or a later fix is released. While awaiting the upstream patch, customers can apply compensating controls: use HarborGuard's network-policy suggestions to restrict access to the Nocturne Memory service port to trusted network segments only, set API_TOKEN explicitly as a non-empty value in the container's environment configuration, and consider overriding the default CORS and host-binding settings to limit exposure. Customers with auto-remediation enabled will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads as soon as the upstream fix is available.
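As an added illustration (not code from the Nocturne Memory project), the following models the middleware decision described above in pure Python, beside a fail-closed version and a small audit of the three settings the advisory names (API_TOKEN, host binding, CORS origins); the function and parameter names are assumptions, not the project's own.

```python
import hmac
from typing import List, Optional

# Added example, not the project's code: models the empty-token bypass the
# advisory describes, a fail-closed check, and an audit of the exposure combo.

BEARER = "Bearer "


def vulnerable_allows(api_token: Optional[str], auth_header: Optional[str]) -> bool:
    """Pre-2.4.1 behaviour as described: unset/empty token means no check at all."""
    if not api_token:
        return True  # authentication silently disabled for every request
    return auth_header == BEARER + api_token


def hardened_allows(api_token: Optional[str], auth_header: Optional[str]) -> bool:
    """Fail closed: no configured token means nothing is authorized."""
    if not api_token or not api_token.strip():
        return False
    if not auth_header or not auth_header.startswith(BEARER):
        return False
    presented = auth_header[len(BEARER):]
    # constant-time comparison so a mismatch does not leak token prefix via timing
    return hmac.compare_digest(presented.encode(), api_token.encode())


def audit_deployment(api_token: Optional[str], host: str, allow_origins: List[str]) -> List[str]:
    """Return findings for a container config; an empty list means no exposure found."""
    findings = []
    token_missing = not api_token or not api_token.strip()
    if token_missing:
        findings.append("API_TOKEN unset/empty: all HTTP requests bypass authentication")
    if host == "0.0.0.0":
        findings.append("host 0.0.0.0: service reachable from every interface on the LAN")
    if "*" in allow_origins:
        findings.append("CORS allow_origins ['*']: any web origin may call the API")
    if token_missing and host == "0.0.0.0":
        findings.append("CRITICAL: unauthenticated Knowledge-Graph API exposed to the network")
    return findings


if __name__ == "__main__":
    # constructed sample: the default Docker setup the advisory describes
    for finding in audit_deployment("", "0.0.0.0", ["*"]):
        print(finding)
```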
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
- Dataojitori / nocturne_memory: < 2.4.1
- Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N