@agenticmail/mcp@0.9.21

MCP server for AgenticMail — give any AI client real email, SMS, and phone call-control capabilities

  • latest version

    0.9.29

  • latest non vulnerable version

  • first published

    4 months ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @agenticmail/mcp package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Missing Authentication for Critical Function

    @agenticmail/mcp is a MCP server for AgenticMail — give any AI client real email, SMS, and phone call-control capabilities

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the process that handles HTTP requests to the /mcp endpoint when started with the --http flag or MCP_HTTP=1 environment variable. An attacker can perform unauthorized administrative and gateway operations by sending unauthenticated HTTP requests to the exposed endpoint, which are then executed with server-side privileges using the configured master key.

    How to fix Missing Authentication for Critical Function?

    Upgrade @agenticmail/mcp to version 0.9.27 or higher.

    <0.9.27