CVE-2026-47255
AgenticMail API/storage and outbound relay hardening fixes
Description
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover:
- validated and bounded inactive-agent hour filtering;
- storage SQL identifier validation;
- metadata-backed ownership checks for raw storage SQL;
- blocking direct storage metadata access through raw SQL;
- fail-closed outbound worker secret handling (a missing secret stops the worker rather than letting it run without one);
- SMTP envelope/header control-character validation before command construction (so CR, LF and other control characters cannot terminate a command or header and inject another);
- TLS certificate verification as the default for MailSender, with an explicit opt-out for local development.
Validation completed locally with targeted API/Core security tests plus API/Core builds. The security patch branch was not published publicly because the repository's SECURITY.md asks reporters not to open public vulnerability issues.
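As an added illustration (not code from the AgenticMail project or from this advisory), the following Python sketches each class of check the patch set describes: a bounded hour filter, allowlisted and quoted SQL identifiers with a block on metadata tables, a metadata-backed ownership check for raw reads, control-character rejection before SMTP commands and headers are assembled, a verifying TLS context with an explicit opt-out, and fail-closed loading of the relay secret. Every name, the hour bound, the reserved table names, the metadata layout and the environment variable are assumptions made for the example.

```python
import re
import ssl

# Assumed upper bound for the inactive-agent "hours" filter (not the project's value).
MAX_INACTIVE_HOURS = 24 * 365


def parse_inactive_hours(raw) -> int:
    """Parse a user-supplied hour filter as a bounded positive integer."""
    if isinstance(raw, bool):  # bool is an int subclass; reject it explicitly
        raise ValueError("hours must be an integer")
    try:
        hours = int(raw)
    except (TypeError, ValueError):
        raise ValueError("hours must be an integer") from None
    if not 1 <= hours <= MAX_INACTIVE_HOURS:
        raise ValueError(f"hours must be between 1 and {MAX_INACTIVE_HOURS}")
    return hours


# SQL identifiers: allowlist the shape, then quote; never interpolate raw input.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")
# Assumed names of internal metadata tables that raw SQL must never reach.
RESERVED_TABLES = frozenset({"storage_metadata", "storage_owners"})


def quote_identifier(name: str) -> str:
    """Return a double-quoted identifier, refusing bad shapes and reserved tables."""
    if not isinstance(name, str) or not _IDENT.fullmatch(name):
        raise ValueError(f"invalid SQL identifier: {name!r}")
    if name.lower() in RESERVED_TABLES:
        raise PermissionError(f"direct access to {name} is not allowed")
    return '"' + name + '"'


def build_owned_select(metadata: dict, table: str, requester: str) -> tuple:
    """Build (sql, params) for a raw read only if metadata says requester owns table."""
    owner = metadata.get(table, {}).get("owner")  # assumed metadata layout
    if owner is None or owner != requester:
        raise PermissionError(f"{requester!r} does not own {table!r}")
    sql = f"SELECT * FROM {quote_identifier(table)} WHERE owner_id = ?"
    return sql, (requester,)


# SMTP: a CR/LF (or other control byte) inside an address or header value would
# end the current command/header and let the caller inject another one.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")
# RFC 5322 field-name: printable US-ASCII except ':'
_HEADER_NAME = re.compile(r"[\x21-\x39\x3b-\x7e]+")


def validate_envelope_address(addr: str) -> str:
    """Reject control characters, angle brackets and spaces before use in MAIL/RCPT."""
    if _CTRL.search(addr) or any(c in addr for c in "<> "):
        raise ValueError(f"invalid envelope address: {addr!r}")
    return addr


def build_mail_from(sender: str) -> str:
    return f"MAIL FROM:<{validate_envelope_address(sender)}>\r\n"


def build_rcpt_to(recipient: str) -> str:
    return f"RCPT TO:<{validate_envelope_address(recipient)}>\r\n"


def build_header(name: str, value: str) -> str:
    """Validate name and value before the header line is formatted."""
    if not _HEADER_NAME.fullmatch(name):
        raise ValueError(f"invalid header name: {name!r}")
    # Tab is the only control character tolerated inside a header body.
    if _CTRL.search(value.replace("\t", "")):
        raise ValueError(f"control character in header {name}: {value!r}")
    return f"{name}: {value}\r\n"


def make_tls_context(verify: bool = True) -> ssl.SSLContext:
    """Verifying context by default; verify=False is the explicit dev-only opt-out."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def load_outbound_secret(env: dict, key: str = "OUTBOUND_RELAY_SECRET") -> str:
    """Fail closed: a missing secret stops the worker instead of running without one."""
    value = env.get(key)
    if not value or not value.strip():
        raise RuntimeError(f"{key} is not set; refusing to start outbound worker")
    return value
```

The common thread is that each check runs before the untrusted value reaches a string that becomes SQL, an SMTP command or a header, and each failure raises rather than degrading; the TLS helper makes the unsafe mode something the caller must ask for by name.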
How to fix CVE-2026-47255
To remediate CVE-2026-47255, upgrade each affected package to the fixed version listed below.
- upgrade to 0.9.32 or later
- upgrade to 0.9.10 or later
Is CVE-2026-47255 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-47255.
Affected packages (2)
- from 0, < 0.9.32
- from 0, < 0.9.10