Auth bypass in Dataojitori Nocturne_memory

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with…

Vulnerability class: Broken Authentication
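
The fail-open behaviour described above, shown next to a fail-closed check. This is an added Python example and not Nocturne Memory's own code; the function names and sample token are hypothetical, and only the `API_TOKEN` setting comes from the advisory.

```python
import hmac
from typing import Optional


def vulnerable_is_authorized(api_token: Optional[str], authorization: Optional[str]) -> bool:
    """Fail-open pattern from the advisory: no configured token means no check."""
    if not api_token:  # unset or empty -> every request is let through
        return True
    return authorization == f"Bearer {api_token}"


def hardened_is_authorized(api_token: Optional[str], authorization: Optional[str]) -> bool:
    """Fail-closed variant: a missing or blank token rejects every request."""
    expected = (api_token or "").strip()
    if not expected:
        return False  # misconfiguration must never widen access
    if not authorization:
        return False
    scheme, _, presented = authorization.partition(" ")
    if scheme.lower() != "bearer":
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(presented.strip().encode(), expected.encode())


def require_token_at_startup(api_token: Optional[str]) -> str:
    """Refuse to start the HTTP server at all when no token is configured."""
    token = (api_token or "").strip()
    if not token:
        raise RuntimeError("API_TOKEN is unset or empty; refusing to serve HTTP")
    return token


# Constructed sample inputs: (configured API_TOKEN, Authorization header)
CASES = [
    (None, None),
    ("", "Bearer anything"),
    ("   ", "Bearer "),
    ("s3cret-constructed", "Bearer s3cret-constructed"),
    ("s3cret-constructed", "Bearer wrong"),
]

if __name__ == "__main__":
    for token, header in CASES:
        print(repr(token), repr(header),
              vulnerable_is_authorized(token, header),
              hardened_is_authorized(token, header))
```

Calling `require_token_at_startup` before binding the listener turns the misconfiguration into a visible startup failure instead of an open endpoint.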

EPSS: 0.000 (6.2th percentile)

Affected products

Weakness classification (CWE)

References