Agenticmail
Monthly
Missing authentication in @agenticmail/mcp prior to 0.9.27 allows unauthenticated remote clients to invoke master-key-only MCP tools when the server is started with --http or MCP_HTTP=1. The /mcp Streamable HTTP endpoint accepts session initialization and tool calls without any Authorization check, and the server forwards calls using its configured AGENTICMAIL_MASTER_KEY, enabling administrative actions such as setup_email_relay, delete_agent, and send_test_email. Publicly available exploit code exists in the GHSA advisory (one-command PoC), though EPSS remains low at 0.06% (19th percentile) and the issue is not on CISA KEV.
Missing authentication in @agenticmail/mcp prior to 0.9.27 allows unauthenticated remote clients to invoke master-key-only MCP tools when the server is started with --http or MCP_HTTP=1. The /mcp Streamable HTTP endpoint accepts session initialization and tool calls without any Authorization check, and the server forwards calls using its configured AGENTICMAIL_MASTER_KEY, enabling administrative actions such as setup_email_relay, delete_agent, and send_test_email. Publicly available exploit code exists in the GHSA advisory (one-command PoC), though EPSS remains low at 0.06% (19th percentile) and the issue is not on CISA KEV.