6 matches found

NVD
added 3 hours ago, 4 views

CVE-2026-50287

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

CVSS 8.7
Exploits: 0, References: 1
EUVD
added 5 hours ago, 2 views

EUVD-2026-36544

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

CVSS 8.7, AI score 5.3
Exploits: 0, References: 1
Github Security Blog
added 2026/06/01 1:58 p.m., 15 views

@agenticmail/mcp Missing Authentication for Critical Function

AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 7, Affected Software: 1
vulnersOsv
added 2026/06/01 1:58 p.m., 4 views

@agenticmail/api (>=0.6.0 <=0.7.21), @agenticmail/claudecode (>=0.1.0 <=0.1.17) +1 more potentially affected by CVE-2026-50287 via @agenticmail/mcp (>=0.6.2 <=0.7.9)

@agenticmail/mcp NPM version =0.6.2, =0.6.0, =0.1.0, =0.6.0, =0.8.36 Source cves: CVE-2026-50287 Source advisory: OSV:GHSA-63GR-G7JC-V8RG...

AI score 5.5
Exploits: 0
OSV
added 2026/06/01 1:58 p.m., 5 views

GHSA-63GR-G7JC-V8RG @agenticmail/mcp Missing Authentication for Critical Function

AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 7
OSV
added 2026/05/29 7:23 p.m., 5 views

GHSA-WJJV-3MJ2-39HF AgenticMail API/storage and outbound relay hardening fixes

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

AI score 5.8
Exploits: 0, References: 8