EXECUTIVE SUMMARY:
CVE-2026-47255, with a CVSS score of 7.5, is a high-severity vulnerability affecting the npm packages @agenticmail/api and @agenticmail/core. The issue stems from multiple security weaknesses, including improper input validation, SQL injection risks, insufficient access controls, insecure outbound mail handling, hardcoded secrets, and TLS certificate verification being disabled by default. These flaws could allow attackers to manipulate SQL queries, gain unauthorized access to stored data, abuse outbound email functionality, intercept email communications, or bypass security restrictions. The vulnerabilities were addressed through enhanced validation, ownership verification, secure secret management, SMTP input sanitization, and enforced TLS certificate verification.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-wjjv-3mj2-39hf