Zurück zur CVE-Übersicht
CVE-2026-50287
NONERisk Signal Score5/100 — NIEDRIG
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
Beschreibung
AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. This issue has been patched in version 0.9.27.
GitHub Advisories
GHSA-63gr-g7jc-v8rgHIGH
@agenticmail/mcp Missing Authentication for Critical Function
npm/@agenticmail/mcp→ 0.9.27
GitHub Advisory