2 matches found
@agenticmail/api (>=0.6.0 <=0.7.21), @agenticmail/claudecode (>=0.1.0 <=0.1.17) +1 more potentially affected by CVE-2026-50287 via @agenticmail/mcp (>=0.6.2 <=0.7.9)
@agenticmail/mcp NPM version =0.6.2, =0.6.0, =0.1.0, =0.6.0, =0.8.36 Source cves: CVE-2026-50287 Source advisory: OSV:GHSA-63GR-G7JC-V8RG...
GHSA-WJJV-3MJ2-39HF AgenticMail API/storage and outbound relay hardening fixes
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...