GHSA-63gr-g7jc-v8rg: @agenticmail/mcp Missing Authentication for Critical Function
(updated )
@agenticmail/mcp exposes a Streamable HTTP transport when started with
--http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests
without any HTTP authentication layer. A remote client can initialize a
session and call tools directly.
The problem is that the MCP server also exposes tools documented as requiring
AGENTICMAIL_MASTER_KEY, and the server process forwards those calls using its
own configured master key. As a result, any client that can reach the MCP HTTP
port can invoke master-only operations without knowing the master key.
References
- github.com/advisories/GHSA-63gr-g7jc-v8rg
- github.com/agenticmail/agenticmail/blob/7b9b05d973676e9f3d097c08b8e649f59bfc15d0/CHANGELOG.md?plain=1
- github.com/agenticmail/agenticmail/blob/7b9b05d973676e9f3d097c08b8e649f59bfc15d0/packages/mcp/README.md?plain=1
- github.com/agenticmail/agenticmail/blob/7b9b05d973676e9f3d097c08b8e649f59bfc15d0/packages/mcp/src/index.ts
- github.com/agenticmail/agenticmail/commit/7b9b05d973676e9f3d097c08b8e649f59bfc15d0
- github.com/agenticmail/agenticmail/commit/7d1791da7c8c8bd4e70d7081db48e18ab55f6736
- github.com/agenticmail/agenticmail/security/advisories/GHSA-63gr-g7jc-v8rg
- nvd.nist.gov/vuln/detail/CVE-2026-50287
Code Behaviors & Features
Detect and mitigate GHSA-63gr-g7jc-v8rg with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →