{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/email-spoofing/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-61428"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI AgentMail (\u003c 4.6.78)"],"_cs_severities":["high"],"_cs_tags":["authentication-bypass","web-exploitation","message-injection","email-spoofing","cve"],"_cs_type":"advisory","_cs_vendors":["MervinPraison"],"content_html":"\u003cp\u003eCVE-2026-61428 impacts PraisonAI AgentMail versions prior to 4.6.78, stemming from a critical lack of signature verification in its webhook functionality. This vulnerability enables unauthenticated attackers to exploit the system by sending specially crafted \u003ccode\u003emessage.received\u003c/code\u003e events to the webhook endpoint. By doing so, they can inject arbitrary content and spoof sender addresses, effectively bypassing any configured sender allow or block lists. The successful exploitation of this flaw allows attackers to manipulate the AgentMail system into triggering replies to addresses under their control. This can lead to various forms of abuse, including the use of the compromised system for malicious email delivery or information gathering. Organizations utilizing PraisonAI AgentMail are advised to update their installations immediately to version 4.6.78 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a PraisonAI AgentMail instance running an affected version (prior to 4.6.78) with a publicly accessible webhook endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003emessage.received\u003c/code\u003e event payload, including arbitrary content and a spoofed sender email address.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP POST request containing the crafted event to the vulnerable AgentMail webhook endpoint.\u003c/li\u003e\n\u003cli\u003eDue to the lack of signature verification, the AgentMail system processes the incoming message as legitimate, despite its untrusted origin and spoofed sender.\u003c/li\u003e\n\u003cli\u003eThe injected message bypasses any configured sender allow/block lists within the AgentMail system.\u003c/li\u003e\n\u003cli\u003eThe AgentMail system internally processes the arbitrary content and the spoofed sender, potentially believing it came from a trusted source.\u003c/li\u003e\n\u003cli\u003eThe system then triggers a reply or other action based on the injected message, directing it to an email address controlled by the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the reply, potentially containing sensitive information or confirming successful message injection, and has successfully bypassed email filtering.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe primary impact of CVE-2026-61428 is the ability for unauthenticated attackers to inject arbitrary messages into the AgentMail system using spoofed sender identities. This bypasses security controls like sender allow/block lists, potentially enabling attackers to use the compromised agent for malicious purposes. Attackers can trigger replies to their controlled addresses, which could facilitate data exfiltration, reconnaissance, or further social engineering attacks leveraging the trusted context of the AgentMail system. The vulnerability does not specify immediate system compromise, but rather message manipulation and bypass of crucial security features.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-61428 immediately by upgrading all PraisonAI AgentMail installations to version 4.6.78 or later, as specified in the NVD advisory.\u003c/li\u003e\n\u003cli\u003eReview your webserver logs for unusual POST requests to webhook endpoints, looking for patterns that might indicate attempts to exploit CVE-2026-61428.\u003c/li\u003e\n\u003cli\u003eMonitor outbound email activity from your PraisonAI AgentMail instance for unexpected replies or messages sent to unfamiliar external addresses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-11T14:22:32Z","date_published":"2026-07-11T14:22:32Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-61428-praisonai-agentmail/","summary":"PraisonAI AgentMail versions before 4.6.78 are vulnerable to CVE-2026-61428, an authentication bypass flaw in webhook mode that allows unauthenticated attackers to inject messages with spoofed sender addresses, enabling them to trigger replies to attacker-controlled addresses and bypass email filtering.","title":"CVE-2026-61428: PraisonAI AgentMail Webhook Signature Bypass","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-61428-praisonai-agentmail/"}],"language":"en","title":"CraftedSignal Threat Feed - Email-Spoofing","version":"https://jsonfeed.org/version/1.1"}