<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Email-Spoofing - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/email-spoofing/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 11 Jul 2026 14:22:32 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/email-spoofing/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-61428: PraisonAI AgentMail Webhook Signature Bypass</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-61428-praisonai-agentmail/</link><pubDate>Sat, 11 Jul 2026 14:22:32 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-61428-praisonai-agentmail/</guid><description>PraisonAI AgentMail versions before 4.6.78 are vulnerable to CVE-2026-61428, an authentication bypass flaw in webhook mode that allows unauthenticated attackers to inject messages with spoofed sender addresses, enabling them to trigger replies to attacker-controlled addresses and bypass email filtering.</description><content:encoded><![CDATA[<p>CVE-2026-61428 impacts PraisonAI AgentMail versions prior to 4.6.78, stemming from a critical lack of signature verification in its webhook functionality. This vulnerability enables unauthenticated attackers to exploit the system by sending specially crafted <code>message.received</code> events to the webhook endpoint. By doing so, they can inject arbitrary content and spoof sender addresses, effectively bypassing any configured sender allow or block lists. The successful exploitation of this flaw allows attackers to manipulate the AgentMail system into triggering replies to addresses under their control. This can lead to various forms of abuse, including the use of the compromised system for malicious email delivery or information gathering. Organizations utilizing PraisonAI AgentMail are advised to update their installations immediately to version 4.6.78 or later to mitigate this risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies a PraisonAI AgentMail instance running an affected version (prior to 4.6.78) with a publicly accessible webhook endpoint.</li>
<li>The attacker crafts a <code>message.received</code> event payload, including arbitrary content and a spoofed sender email address.</li>
<li>The attacker sends an HTTP POST request containing the crafted event to the vulnerable AgentMail webhook endpoint.</li>
<li>Due to the lack of signature verification, the AgentMail system processes the incoming message as legitimate, despite its untrusted origin and spoofed sender.</li>
<li>The injected message bypasses any configured sender allow/block lists within the AgentMail system.</li>
<li>The AgentMail system internally processes the arbitrary content and the spoofed sender, potentially believing it came from a trusted source.</li>
<li>The system then triggers a reply or other action based on the injected message, directing it to an email address controlled by the attacker.</li>
<li>The attacker receives the reply, potentially containing sensitive information or confirming successful message injection, and has successfully bypassed email filtering.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The primary impact of CVE-2026-61428 is the ability for unauthenticated attackers to inject arbitrary messages into the AgentMail system using spoofed sender identities. This bypasses security controls like sender allow/block lists, potentially enabling attackers to use the compromised agent for malicious purposes. Attackers can trigger replies to their controlled addresses, which could facilitate data exfiltration, reconnaissance, or further social engineering attacks leveraging the trusted context of the AgentMail system. The vulnerability does not specify immediate system compromise, but rather message manipulation and bypass of crucial security features.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-61428 immediately by upgrading all PraisonAI AgentMail installations to version 4.6.78 or later, as specified in the NVD advisory.</li>
<li>Review your webserver logs for unusual POST requests to webhook endpoints, looking for patterns that might indicate attempts to exploit CVE-2026-61428.</li>
<li>Monitor outbound email activity from your PraisonAI AgentMail instance for unexpected replies or messages sent to unfamiliar external addresses.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>authentication-bypass</category><category>web-exploitation</category><category>message-injection</category><category>email-spoofing</category><category>cve</category></item></channel></rss>