{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/@agenticmail/core--0.9.9/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@agenticmail/api (\u003c= 0.9.31)","@agenticmail/core (\u003c= 0.9.9)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","sqlinjection","smtpheaderinjection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eMultiple vulnerabilities have been identified in AgenticMail API and Core packages. These include insufficient validation in inactive-agent hour filtering, storage SQL identifiers, and SMTP envelope/header control-character validation. Additionally, the advisory highlights missing metadata-backed ownership checks for raw storage SQL, direct storage metadata access through raw SQL, and insecure handling of outbound worker secrets. The issues are addressed in versions later than 0.9.31 for @agenticmail/api and later than 0.9.9 for @agenticmail/core. The validated fixes were rebased on 2026-05-18. 
This matters for defenders because exploitation of these vulnerabilities could lead to unauthorized data access, code execution, and control over email sending capabilities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable AgenticMail instance running a version of @agenticmail/api \u0026lt;= 0.9.31 or @agenticmail/core \u0026lt;= 0.9.9.\u003c/li\u003e\n\u003cli\u003eIf exploiting the SQL injection, the attacker crafts a malicious SQL query leveraging insufficient validation of storage SQL identifiers (CVE-2026-47255).\u003c/li\u003e\n\u003cli\u003eThe crafted SQL query is injected into the application through a vulnerable API endpoint, bypassing input sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL commands execute against the AgenticMail database, potentially allowing the attacker to read, modify, or delete sensitive data.\u003c/li\u003e\n\u003cli\u003eIf exploiting SMTP header injection, the attacker manipulates email headers via insufficiently validated SMTP envelope/header control characters (CVE-2026-47255).\u003c/li\u003e\n\u003cli\u003eThe manipulated email headers can be used to spoof sender addresses, inject malicious content, or redirect email traffic.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised email functionality to send phishing emails, distribute malware, or conduct other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to sensitive data stored within AgenticMail, including user credentials, email content, and configuration settings. 
The lack of TLS certificate verification could further expose sensitive data during email transmission if the explicit opt-out for local development is misused in production.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003e@agenticmail/api\u003c/code\u003e package to a version greater than 0.9.31 to remediate the vulnerabilities related to API handling, input validation, and SQL injection (CVE-2026-47255).\u003c/li\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003e@agenticmail/core\u003c/code\u003e package to a version greater than 0.9.9 to address vulnerabilities related to core functionality, SQL validation, and SMTP header injection (CVE-2026-47255).\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and sanitization measures to prevent SQL injection and SMTP header injection attacks as an additional layer of defense.\u003c/li\u003e\n\u003cli\u003eEnable TLS certificate verification for MailSender to ensure secure email transmission, and avoid using the explicit opt-out except for local development purposes.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T19:24:13Z","date_published":"2026-05-29T19:24:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-agenticmail-vulns/","summary":"Multiple vulnerabilities, including SQL injection and SMTP header injection, have been discovered in AgenticMail API and Core packages, addressed in versions greater than 0.9.31 and 0.9.9 respectively, posing a risk of unauthorized access and control.","title":"AgenticMail API and Core Packages Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-05-agenticmail-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — @Agenticmail/Core (\u003c= 0.9.9)","version":"https://jsonfeed.org/version/1.1"}