3 matches found
@anngdinh/remote-mcp-server-authless (=0.0.0), @apideck/mcp (>=0.1.9 <=0.1.13) +152 more potentially affected by CVE-2026-1664 via agents (>=0.0.100 <=0.3.10)
agents NPM version =0.0.100, =0.1.9, =0.4.0, =0.1.0, =1.1.1, =0.1.0, =0.2.0, =0.1.0, =0.0.1, =2.1.6, =2.3.14 and more Source cves: CVE-2026-1664 Source advisory: SNYK:JS-AGENTS-15209148...
@anngdinh/remote-mcp-server-authless (=0.0.0), @apideck/mcp (>=0.1.9 <=0.1.13) +152 more potentially affected by CVE-2026-1664 via agents (>=0.0.100 <=0.3.10)
agents NPM version =0.0.100, =0.1.9, =0.4.0, =0.1.0, =1.1.1, =0.1.0, =0.2.0, =0.1.0, =0.0.1, =2.1.6, =2.3.14 and more Source cves: CVE-2026-1664 Source advisory: OSV:GHSA-R7X9-8PH7-W8CG...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...