Fluid Attacks Database

Description

AgenticMail API/storage and outbound relay hardening fixes The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct storage metadata access through raw SQL; fail-closed outbound worker secret handling; SMTP envelope/header control-character validation before command construction; and TLS certificate verification as the default for MailSender with an explicit opt-out for local development. Validation completed locally with targeted API/Core security tests plus API/Core builds. The security patch branch was not published publicly because te repository's SECURITY.md asks reporters not to open public vulnerability issues.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	@agenticmail/api	>=0 <0.9.32	0.9.32
npm	@agenticmail/core	>=0 <0.9.10	0.9.10

Aliases

1. CVE-2026-472552. NVD-2026-472553. OSV-2026-472554. GHSA-wjjv-3mj2-39hf5. GCVE-2026-47255

References

1. https://github.com/agenticmail/agenticmail/security/advisories/GHSA-wjjv-3mj2-39hf2. https://github.com/agenticmail/agenticmail/commit/1408de543fa3577d8c2d4fdb289c75fe6faafac73. https://github.com/agenticmail/agenticmail/commit/234b811e426a0743170f3b10bc43419d643301554. https://github.com/agenticmail/agenticmail/commit/6c70c8254c906f823392d7f5ccee88a5481e77315. https://github.com/agenticmail/agenticmail/commit/8cb053f2307dd77b7736ffa0d7df04b0ccc3272d6. https://github.com/agenticmail/agenticmail/blob/7b9b05d973676e9f3d097c08b8e649f59bfc15d0/CHANGELOG.md?plain=1#L18427. https://github.com/agenticmail/agenticmail/blob/7b9b05d973676e9f3d097c08b8e649f59bfc15d0/packages/core/src/mail/sender.ts#L33