GHSA-4CM8-XPFV-JV6F

Vulnerability from github – Published: 2026-03-12 16:38 – Updated: 2026-03-12 16:38
VLAI
Summary
ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Details

Summary

The email channel authorizes senders based on the parsed From header identity only. If upstream email authentication/enforcement is weak (for example, relaxed SPF/DKIM/DMARC handling), an attacker can spoof an allowlisted sender address and have the message treated as trusted input.

Details

Relevant code paths:

  • src/channels/email_channel.rs:311 extracts sender identity from parsed message headers:
  • let from = parsed.from() ... a.address() ...
  • src/channels/email_channel.rs:328 authorizes using that from value:
  • if !self.is_sender_allowed(&from) { ... }
  • src/channels/email_channel.rs:87 onward (is_sender_allowed) performs allowlist/domain matching against the same header-derived value.
  • There is no in-channel validation of sender authenticity indicators such as SPF/DKIM/DMARC results before allowlist trust decisions.

Result: - Trust decision is based on a potentially spoofable header field unless mailbox/provider-side anti-spoofing controls are strong and enforced.

PoC

  1. Configure email channel with strict sender allowlist:
  2. channels.email.enabled = true
  3. channels.email.allowed_senders = ["ceo@example.com"]
  4. channels.email.deny_by_default = true
  5. Ensure the monitored mailbox accepts or forwards a spoofed message (for testing, use a local SMTP path that does not enforce sender authentication strongly).
  6. Send an email to the monitored inbox with forged header identity:
python - <<'PY'
import smtplib
from email.message import EmailMessage

msg = EmailMessage()
msg["From"] = "ceo@example.com"   # forged trusted sender
msg["To"] = "bot-inbox@example.net"
msg["Subject"] = "forged control message"
msg.set_content("FORGED EMAIL CONTENT")

# Example test SMTP endpoint
with smtplib.SMTP("127.0.0.1", 25) as s:
    s.send_message(msg)
PY
  1. Wait for IMAP fetch/IDLE processing.
  2. Observe the message is accepted as allowlisted sender ceo@example.com and published as inbound channel input.

Impact

  • Vulnerability type: sender identity spoofing risk due to header-based authorization.
  • Affected deployments: those using email channel allowlists where upstream anti-spoof controls are weak, misconfigured, or bypassed.
  • Security effect:
  • Spoofed From headers may bypass logical sender allowlist.
  • Malicious content can enter trusted automation/agent flows as if sent by authorized identities.
  • Risk is reduced in environments with strict SPF/DKIM/DMARC enforcement and strong inbound mail hygiene, but not eliminated at application layer.

Patch Recommendation

Add a sender-authentication gate in src/channels/email_channel.rs immediately after parsing from (src/channels/email_channel.rs:311) and before allowlist enforcement (src/channels/email_channel.rs:328). The gate should require trusted SPF/DKIM/DMARC evidence with domain alignment (for example, DMARC=pass, or aligned SPF/DKIM pass) before is_sender_allowed is evaluated. For backward compatibility, add a configurable mode in EmailConfig (for example, sender_verification_mode), but recommend hardened settings in production: dmarc_aligned, exact-address allowlists, and deny_by_default=true.

Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.7.5"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "zeptoclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-12T16:38:22Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe email channel authorizes senders based on the parsed `From` header identity only. If upstream email authentication/enforcement is weak (for example, relaxed SPF/DKIM/DMARC handling), an attacker can spoof an allowlisted sender address and have the message treated as trusted input. \n\n### Details\nRelevant code paths:\n\n- `src/channels/email_channel.rs:311` extracts sender identity from parsed message headers:\n  - `let from = parsed.from() ... a.address() ...`\n- `src/channels/email_channel.rs:328` authorizes using that `from` value:\n  - `if !self.is_sender_allowed(\u0026from) { ... }`\n- `src/channels/email_channel.rs:87` onward (`is_sender_allowed`) performs allowlist/domain matching against the same header-derived value.\n- There is no in-channel validation of sender authenticity indicators such as SPF/DKIM/DMARC results before allowlist trust decisions.\n\nResult:\n- Trust decision is based on a potentially spoofable header field unless mailbox/provider-side anti-spoofing controls are strong and enforced.\n\n### PoC\n1. Configure email channel with strict sender allowlist:\n   - `channels.email.enabled = true`\n   - `channels.email.allowed_senders = [\"ceo@example.com\"]`\n   - `channels.email.deny_by_default = true`\n2. Ensure the monitored mailbox accepts or forwards a spoofed message (for testing, use a local SMTP path that does not enforce sender authentication strongly).\n3. Send an email to the monitored inbox with forged header identity:\n\n```bash\npython - \u003c\u003c\u0027PY\u0027\nimport smtplib\nfrom email.message import EmailMessage\n\nmsg = EmailMessage()\nmsg[\"From\"] = \"ceo@example.com\"   # forged trusted sender\nmsg[\"To\"] = \"bot-inbox@example.net\"\nmsg[\"Subject\"] = \"forged control message\"\nmsg.set_content(\"FORGED EMAIL CONTENT\")\n\n# Example test SMTP endpoint\nwith smtplib.SMTP(\"127.0.0.1\", 25) as s:\n    s.send_message(msg)\nPY\n```\n\n4. Wait for IMAP fetch/IDLE processing.\n5. Observe the message is accepted as allowlisted sender `ceo@example.com` and published as inbound channel input.\n\n### Impact\n- Vulnerability type: sender identity spoofing risk due to header-based authorization.\n- Affected deployments: those using email channel allowlists where upstream anti-spoof controls are weak, misconfigured, or bypassed.\n- Security effect:\n  - Spoofed `From` headers may bypass logical sender allowlist.\n  - Malicious content can enter trusted automation/agent flows as if sent by authorized identities.\n- Risk is reduced in environments with strict SPF/DKIM/DMARC enforcement and strong inbound mail hygiene, but not eliminated at application layer.\n\n### Patch Recommendation\nAdd a sender-authentication gate in `src/channels/email_channel.rs` immediately after parsing `from` (`src/channels/email_channel.rs:311`) and before allowlist enforcement (`src/channels/email_channel.rs:328`). The gate should require trusted SPF/DKIM/DMARC evidence with domain alignment (for example, `DMARC=pass`, or aligned SPF/DKIM pass) before `is_sender_allowed` is evaluated. For backward compatibility, add a configurable mode in `EmailConfig` (for example, `sender_verification_mode`), but recommend hardened settings in production: `dmarc_aligned`, exact-address allowlists, and `deny_by_default=true`.",
  "id": "GHSA-4cm8-xpfv-jv6f",
  "modified": "2026-03-12T16:38:22Z",
  "published": "2026-03-12T16:38:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-4cm8-xpfv-jv6f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/qhkm/zeptoclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qhkm/zeptoclaw/releases/tag/v0.7.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.