<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T06:11:08.459964+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cd2adc8f-3e8a-4ba1-9ffb-030ef1305d01/export</id>
    <title>cd2adc8f-3e8a-4ba1-9ffb-030ef1305d01</title>
    <updated>2026-07-17T06:11:08.471874+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cd2adc8f-3e8a-4ba1-9ffb-030ef1305d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-63gr-g7jc-v8rg", "type": "seen", "source": "https://gist.github.com/alon710/64eb910b8e690847cdc9aafa60c45d51", "content": "# GHSA-63GR-G7JC-V8RG: GHSA-63GR-G7JC-V8RG: Missing Authentication in AgenticMail MCP HTTP Transport Layer\n\n&amp;gt; **CVSS Score:** 9.8\n&amp;gt; **Published:** 2026-06-01\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-63GR-G7JC-V8RG\n\n## Summary\nAn architectural flaw in the optional Streamable HTTP transport mode of @agenticmail/mcp allows unauthenticated remote network clients to execute administrative API commands. The server, holding the AGENTICMAIL_MASTER_KEY, functions as a confused deputy, letting attackers run privileged functions like deleting agents and establishing mail relays.\n\n## TL;DR\nUnauthenticated remote attackers can execute high-privilege administrative tools on @agenticmail/mcp servers running in HTTP mode because the /mcp endpoint lacks authentication checks and binds to all interfaces by default.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-306\n- **Attack Vector**: Network\n- **CVSS Score**: 9.8\n- **EPSS Score**: N/A (Requires CVE ID assignment)\n- **Impact**: Unauthenticated administrative tool execution\n- **Exploit Status**: Proof-of-Concept (PoC) available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- AgenticMail MCP Server HTTP Transport Layer\n- AgenticMail Command Line Interface (CLI)\n- AgenticMail ClaudeCode Integration\n- AgenticMail Codex Integration\n- **@agenticmail/mcp**: &amp;lt; 0.9.27 (Fixed in: `0.9.27`)\n- **@agenticmail/cli**: &amp;lt; 0.9.101 (Fixed in: `0.9.101`)\n- **@agenticmail/claudecode**: &amp;lt; 0.2.32 (Fixed in: `0.2.32`)\n- **@agenticmail/codex**: &amp;lt; 0.1.26 (Fixed in: `0.1.26`)\n\n## Mitigation\n\n- Disable HTTP mode entirely if not strictly required, relying on default Stdio transport instead.\n- Restrict network-level access to the port (default 8014) through firewalls and network access control lists (NACLs).\n- Ensure the local directory containing user tokens is secured with permissions restricting access to the process owner.\n\n**Remediation Steps:**\n1. Update @agenticmail/mcp to version 0.9.27 or higher.\n2. Force-update downsteam consumer tooling such as @agenticmail/cli to version 0.9.101, @agenticmail/claudecode to 0.2.32, and @agenticmail/codex to 0.1.26.\n3. Audit existing deployment scripts and process configuration managers to guarantee that the '--insecure' CLI parameter is not used.\n\n## References\n\n- [AgenticMail Advisory Record](https://github.com/agenticmail/agenticmail/security/advisories/GHSA-63gr-g7jc-v8rg)\n- [GitHub Advisory Database Entry](https://github.com/advisories/GHSA-63gr-g7jc-v8rg)\n- [Vulnerable Source File Link](https://github.com/agenticmail/agenticmail/blob/7b9b05d973676e9f3d097c08b8e649f59bfc15d0/packages/mcp/src/index.ts#L311)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-63GR-G7JC-V8RG) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T09:11:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cd2adc8f-3e8a-4ba1-9ffb-030ef1305d01/export"/>
    <published>2026-06-03T09:11:00+00:00</published>
  </entry>
</feed>
