PatchSiren cyber security CVE debrief
CVE-2026-50287 agenticmail CVE debrief
CVE-2026-50287 is a HIGH severity vulnerability in AgenticMail. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. This issue has been patched in version 0.9.27.
- Vendor: agenticmail
- Product: Unknown in stored evidence (the CVE description names the @agenticmail/mcp package of AgenticMail)
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Operators running @agenticmail/mcp earlier than 0.9.27 who start it with --http or with MCP_HTTP=1, which turns on the Streamable HTTP transport. The risk is highest where the /mcp listener is reachable from any host or network segment that is not fully trusted, since the transport itself performs no HTTP-layer authentication. Deployments that never enable the HTTP transport do not expose the /mcp endpoint described here.
Technical summary
When @agenticmail/mcp is started with --http or with MCP_HTTP=1, it serves the MCP Streamable HTTP transport on /mcp with no HTTP authentication layer in front of it. Any client that can reach the listener can complete the MCP handshake (the initialize request), obtain a session, enumerate the tools the server exposes and invoke them, all without presenting a credential. The exposed attack surface is therefore the server's entire tool set, exercised with the server's own privileges; the only barrier is network reachability of the /mcp endpoint.
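To make "initialize a session and call tools directly" concrete, here is an added probe script; it is not part of this advisory or of the AgenticMail code base. It relies only on the public shape of the MCP Streamable HTTP transport (JSON-RPC 2.0 over POST, replies as JSON or as an SSE stream, the Mcp-Session-Id header). The URL argument, the request ids and the client name are this example's own.

```javascript
// Added example, not code from the PatchSiren advisory or from AgenticMail: a probe for an
// MCP Streamable HTTP endpoint that lacks HTTP-layer authentication (the CVE-2026-50287 pattern).
// It relies only on the transport's public shape (JSON-RPC 2.0 over POST, JSON or SSE replies,
// Mcp-Session-Id header). The URL argument, request ids and client name are this example's own.

const MCP_PROTOCOL_VERSION = "2025-03-26"; // spec revision that introduced Streamable HTTP

// First message every MCP client sends; a server that answers it to an anonymous
// caller has no HTTP-layer authentication in front of it.
function buildInitializeRequest(id = 1) {
  return {
    jsonrpc: "2.0",
    id,
    method: "initialize",
    params: {
      protocolVersion: MCP_PROTOCOL_VERSION,
      capabilities: {},
      clientInfo: { name: "mcp-auth-probe", version: "0.1" },
    },
  };
}

// After initialize the client may enumerate (and then call) tools.
function buildToolsListRequest(id = 2) {
  return { jsonrpc: "2.0", id, method: "tools/list", params: {} };
}

// A Streamable HTTP server may answer a POST with plain JSON or with an SSE stream whose
// `data:` lines carry JSON-RPC messages. Return the parsed messages either way.
function parseMcpBody(contentType, text) {
  if ((contentType || "").toLowerCase().startsWith("text/event-stream")) {
    return text
      .split(/\r?\n/)
      .filter((line) => line.startsWith("data:"))
      .map((line) => line.slice(5).trim())
      .filter((payload) => payload.length > 0)
      .map((payload) => JSON.parse(payload));
  }
  const parsed = JSON.parse(text);
  return Array.isArray(parsed) ? parsed : [parsed];
}

// Classify an unauthenticated initialize attempt:
//   "auth-required"   HTTP layer rejected it before any MCP message was processed (what you want)
//   "unauthenticated" the server returned an InitializeResult to an anonymous caller (vulnerable)
//   "jsonrpc-error"   the request reached the MCP layer but was rejected there
//   "unexpected"      anything else (other status, non-MCP body, malformed JSON)
function classifyInitializeResponse(status, contentType, text) {
  if (status === 401 || status === 403) return "auth-required";
  if (status !== 200) return "unexpected";
  let messages;
  try {
    messages = parseMcpBody(contentType, text);
  } catch {
    return "unexpected";
  }
  if (messages.some((m) => m && m.result && m.result.protocolVersion)) return "unauthenticated";
  return messages.some((m) => m && m.error) ? "jsonrpc-error" : "unexpected";
}

// Live probe (Node 18+ global fetch). Sends initialize with no Authorization header; if the
// server accepts it, completes the handshake and asks for the tool list to show how far an
// anonymous caller gets. Tools are listed, never invoked.
async function probeMcpEndpoint(url) {
  const post = (body, extra = {}) =>
    fetch(url, {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Accept: "application/json, text/event-stream", // the transport requires both
        ...extra,
      },
      body: JSON.stringify(body),
    });
  const res = await post(buildInitializeRequest());
  const verdict = classifyInitializeResponse(res.status, res.headers.get("content-type"), await res.text());
  const sessionId = res.headers.get("mcp-session-id");
  const report = { verdict, sessionId, tools: null };
  if (verdict === "unauthenticated") {
    const extra = sessionId ? { "Mcp-Session-Id": sessionId } : {};
    await post({ jsonrpc: "2.0", method: "notifications/initialized" }, extra); // handshake step 2
    const tl = await post(buildToolsListRequest(), extra);
    const msgs = parseMcpBody(tl.headers.get("content-type"), await tl.text());
    const list = msgs.find((m) => m && m.result && Array.isArray(m.result.tools));
    report.tools = list ? list.result.tools.map((t) => t.name) : [];
  }
  return report;
}

if (process.argv[2]) {
  probeMcpEndpoint(process.argv[2]).then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

Run it as `node probe.js http://host:port/mcp` against your own deployment. A verdict of "unauthenticated" together with a populated tool list reproduces the condition this advisory describes; "auth-required" means an HTTP-layer check refused the request before any MCP message was handled, which is what a patched or proxied deployment should return.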
Defensive priority
HIGH
Recommended defensive actions
- Update AgenticMail (the @agenticmail/mcp package) to version 0.9.27 or later.
- Until then, do not start @agenticmail/mcp with the --http flag or with the MCP_HTTP=1 environment variable; the default start mode does not expose the /mcp HTTP endpoint.
- If the HTTP transport must stay on, bind the listener to loopback or an isolated network and place an authenticating reverse proxy (bearer token or mTLS) in front of /mcp so that unauthenticated requests never reach the MCP layer.
- Treat any /mcp listener that was reachable from an untrusted network while unpatched as potentially abused: review request logs for initialize and tools calls from clients you do not recognise.
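The third action, an authenticating hop in front of /mcp, as an added example that is not AgenticMail's own code: a small Node.js reverse proxy that requires a bearer token, fails closed when misconfigured and strips the secret before forwarding. The environment variable names GATE_TOKEN, GATE_UPSTREAM and GATE_PORT are this example's own, not the project's, and the upstream is assumed to be a plain-HTTP /mcp server bound to loopback.

```javascript
// Added example, not AgenticMail's own code: a bearer-token gate in front of an MCP Streamable
// HTTP endpoint, written as a small Node.js reverse proxy so an unpatched /mcp listener is only
// reachable through an authenticating hop while the upgrade to 0.9.27 is scheduled.
// Assumed names (this example's own): GATE_TOKEN (shared secret), GATE_UPSTREAM (origin of the
// unauthenticated server, expected to be bound to loopback) and GATE_PORT.

// Constant-time comparison so response timing cannot leak the token byte by byte.
// In production prefer Node's crypto.timingSafeEqual on equal-length buffers.
function tokensEqual(presented, expected) {
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) diff |= (a[i] ?? 0) ^ (b[i] ?? 0);
  return diff === 0;
}

// Streamable HTTP uses POST (messages), GET (server-to-client SSE stream) and DELETE (end session).
const MCP_METHODS = new Set(["POST", "GET", "DELETE"]);

// Decide whether a request may reach the upstream /mcp. Returns { allow, status, reason }.
// Everything that is not an authenticated request for /mcp is refused, and a gate with no
// token configured fails closed rather than open.
function authorize(method, url, headers, expectedToken) {
  if (!expectedToken) return { allow: false, status: 500, reason: "gate has no token configured" };
  if (url.split("?")[0] !== "/mcp") return { allow: false, status: 404, reason: "not the MCP endpoint" };
  if (!MCP_METHODS.has(method)) return { allow: false, status: 405, reason: "method not used by MCP" };
  const match = /^Bearer\s+(\S+)$/i.exec(headers["authorization"] || ""); // Node lowercases header names
  if (!match) return { allow: false, status: 401, reason: "missing bearer token" };
  if (!tokensEqual(match[1], expectedToken)) return { allow: false, status: 401, reason: "bad bearer token" };
  return { allow: true, status: 200, reason: "ok" };
}

// Reverse proxy: forwards authorized requests (request bodies and SSE replies stream through
// unchanged) and drops Authorization so the secret never reaches the backend or its logs.
function startGate({ port, upstream, token }) {
  const http = require("node:http"); // loaded here so the pure functions above stay import-free
  const target = new URL(upstream);
  const server = http.createServer((req, res) => {
    const verdict = authorize(req.method, req.url, req.headers, token);
    if (!verdict.allow) {
      const hdrs = { "Content-Type": "text/plain" };
      if (verdict.status === 401) hdrs["WWW-Authenticate"] = 'Bearer realm="mcp"';
      res.writeHead(verdict.status, hdrs);
      res.end(verdict.reason + "\n");
      return;
    }
    const { authorization, host, ...forwarded } = req.headers; // http.request sets the upstream Host
    const proxied = http.request(
      { hostname: target.hostname, port: target.port || 80, path: req.url, method: req.method, headers: forwarded },
      (up) => { res.writeHead(up.statusCode, up.headers); up.pipe(res); }
    );
    proxied.on("error", () => { res.writeHead(502, { "Content-Type": "text/plain" }); res.end("upstream unavailable\n"); });
    req.pipe(proxied);
  });
  server.listen(port);
  return server;
}

if (process.env.GATE_TOKEN && process.env.GATE_UPSTREAM) {
  startGate({
    port: Number(process.env.GATE_PORT || 8080),
    upstream: process.env.GATE_UPSTREAM,
    token: process.env.GATE_TOKEN,
  });
}
```

Start it with `GATE_TOKEN=<long random secret> GATE_UPSTREAM=http://127.0.0.1:<upstream port> node gate.js`, point clients at the gate with an `Authorization: Bearer <secret>` header, and firewall the upstream port so nothing but the gate can reach it; a gate that can be walked around adds nothing. This is a stopgap for the window before 0.9.27 is deployed, not a replacement for the patch.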
Evidence notes
CVE-2026-50287 has a CVSS score of 8.7 and is classified as HIGH severity. The vulnerability was patched in version 0.9.27 of AgenticMail.
Official resources
- CVE-2026-50287 CVE record (CVE.org)
- CVE-2026-50287 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-50287 was published on 2026-06-12T20:16:46.940Z and has not been modified since then.