Missing Authentication for Critical Function Affecting @agenticmail/core package, versions <0.9.43


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Missing Authentication for Critical Function vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JS-AGENTICMAILCORE-17817088
  • published4 Jul 2026
  • disclosed18 Jun 2026
  • creditmatte1782

Introduced: 18 Jun 2026

New CVE NOT AVAILABLE CWE-306  (opens in a new tab)

How to fix?

Upgrade @agenticmail/core to version 0.9.43 or higher.

Overview

@agenticmail/core is a Core SDK for AgenticMail — email, SMS, and phone call-control for AI agents

Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handleBridgeMail process. An attacker can execute arbitrary operating system commands, read or write files, and exfiltrate data under the operator's OAuth identity by sending a crafted external email to the bridge inbox, which is processed without verifying the sender's authenticity and embeds attacker-controlled fields directly into a privileged agent session. This is only exploitable if a headless-bridge deployment is configured with a fresh host-session (<24h) and external mail is routed to the bridge inbox.

CVSS Base Scores

version 4.0
version 3.1