diff --git a/kos-mock/src/main/java/com/phonebill/kosmock/config/SecurityConfig.java b/kos-mock/src/main/java/com/phonebill/kosmock/config/SecurityConfig.java
index a29c40c..18cf581 100644
--- a/kos-mock/src/main/java/com/phonebill/kosmock/config/SecurityConfig.java
+++ b/kos-mock/src/main/java/com/phonebill/kosmock/config/SecurityConfig.java
@@ -1,11 +1,18 @@
 package com.phonebill.kosmock.config;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 /**
  * 보안 설정
@@ -15,6 +22,9 @@ import org.springframework.security.web.SecurityFilterChain;
 @EnableWebSecurity
 public class SecurityConfig {
 
+    @Value("${cors.allowed-origins}")
+    private String allowedOrigins;
+
     /**
      * 보안 필터 체인 설정
      * 내부 시스템용 Mock 서비스이므로 모든 요청을 허용합니다.
@@ -25,6 +35,9 @@ public class SecurityConfig {
             // CSRF 보호 비활성화 (Mock 서비스)
             .csrf(AbstractHttpConfigurer::disable)
 
+            // CORS 설정
+            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+
             // 프레임 옵션 비활성화 (Swagger UI 사용)
             .headers(headers -> headers
                 .frameOptions(frameOptions -> frameOptions.disable())
@@ -32,9 +45,43 @@ public class SecurityConfig {
             // 모든 요청 허용
             .authorizeHttpRequests(auth -> auth
+                // OPTIONS 요청은 모두 허용 (CORS Preflight)
+                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                 .anyRequest().permitAll()
             );
 
         return http.build();
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+
+        // HTTP 메소드 설정 - 모든 표준 메소드 허용
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"));
+
+        // 헤더 설정 - 모든 헤더 허용 (Content-Type, Authorization 등)
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+
+        // 인증정보 포함 허용 (Cookie, Authorization 헤더 등)
+        configuration.setAllowCredentials(true);
+
+        // Preflight 요청 캐시 시간 (1시간)
+        configuration.setMaxAge(3600L);
+
+        // 노출할 헤더 설정 (클라이언트에서 접근 가능한 헤더)
+        configuration.setExposedHeaders(Arrays.asList(
+            "Authorization",
+            "Content-Type",
+            "X-Requested-With",
+            "Access-Control-Allow-Origin",
+            "Access-Control-Allow-Credentials"
+        ));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 
 }
\ No newline at end of file
diff --git a/kos-mock/src/main/resources/application.yml b/kos-mock/src/main/resources/application.yml
index f66af18..284b3e5 100644
--- a/kos-mock/src/main/resources/application.yml
+++ b/kos-mock/src/main/resources/application.yml
@@ -68,6 +68,10 @@ logging:
   file:
     name: logs/kos-mock-service.log
 
+# CORS 설정
+cors:
+  allowed-origins: ${CORS_ALLOWED_ORIGINS:*}
+
 # Swagger/OpenAPI
 springdoc:
   api-docs:
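Review bot: `corsConfigurationSource()` pairs `setAllowedOriginPatterns(Arrays.asList("*"))` with `setAllowCredentials(true)`, so the filter reflects whatever `Origin` a request carries and adds `Access-Control-Allow-Credentials: true` — any site a user happens to visit can then make cookie- or Authorization-bearing calls to this service, and Spring's wildcard-plus-credentials rejection only applies to `setAllowedOrigins`, not to the pattern form. The `allowedOrigins` field added in the first hunk via `@Value("${cors.allowed-origins}")` is never read, so the `CORS_ALLOWED_ORIGINS` property introduced in application.yml has no effect, and its default of `*` would recreate the same exposure once it is wired in. I would build the origin list from that property and enable credentials only when it is not the wildcard, as below; `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` in `setExposedHeaders` are CORS response headers rather than application headers and can be dropped. The rewrite needs `java.util.List` imported next to `Arrays`; `filterChain`, whose closing lines this hunk also touches, starts outside the hunk.
```java
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();

        // Origins come from cors.allowed-origins (comma-separated). Credentials are
        // only enabled for an explicit origin list: a wildcard combined with
        // credentials would let any origin send cookies/Authorization cross-site.
        List<String> origins = Arrays.asList(allowedOrigins.trim().split("\\s*,\\s*"));
        boolean wildcard = origins.contains("*");
        configuration.setAllowedOrigins(origins);
        configuration.setAllowCredentials(!wildcard);

        // … unchanged: allowed methods, allowed headers, max age (original setAllowCredentials(true) line removed) …
        // … unchanged: exposed headers (minus the two Access-Control-Allow-* entries), source registration …
    }
```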