3 matches found
@agenticmail/mcp Missing Authentication for Critical Function
AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...
GHSA-63GR-G7JC-V8RG @agenticmail/mcp Missing Authentication for Critical Function
AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...
PT-2026-48122
Name of the Vulnerable Software and Affected Versions @agenticmail/mcp versions prior to 0.9.27 Description When started with the --http flag or the MCP HTTP=1 variable, the software exposes a Streamable HTTP transport. In this mode, the '/mcp' endpoint accepts requests without an HTTP...