Lookup for vulnerable packages by Package URL.

Purl pkg:npm/agents@0.0.81
Type npm
Namespace
Name agents
Version 0.0.81
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.3.10
Latest_non_vulnerable_version 0.3.10
Affected_by_vulnerabilities
0
url VCID-hazd-1zmu-dubz
vulnerability_id VCID-hazd-1zmu-dubz
summary
Summary

An Insecure Direct Object Reference has been found to exist in the `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without proper validation or origin checks, allowing an external attacker with control of these headers to route inbound mail to arbitrary Durable Object instances and namespaces.

Root cause

The `createHeaderBasedEmailResolver()` function lacks cryptographic verification or origin validation for the headers used in the routing logic, effectively allowing external input to dictate internal object routing.

Impact

Insecure Direct Object Reference (IDOR) in email routing lets an attacker steer inbound mail to arbitrary Agent instances via spoofed Message-ID.

Mitigation:

  *  PR: https://github.com/cloudflare/agents/blob/main/docs/email.md provides the necessary architectural context for coding agents to mitigate the issue by refactoring the resolver to enforce strict identity boundaries.
  *  Agents-sdk users should upgrade to agents@0.3.7
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1664
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06757
published_at 2026-06-12T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.0673
published_at 2026-06-14T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06747
published_at 2026-06-13T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06737
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1664
1
reference_url https://github.com/cloudflare/agents/blob/main/docs/email.md
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/agents/blob/main/docs/email.md
2
reference_url https://github.com/cloudflare/agents
reference_id agents
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T14:38:24Z/
url https://github.com/cloudflare/agents
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1664
reference_id CVE-2026-1664
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1664
4
reference_url https://github.com/advisories/GHSA-r7x9-8ph7-w8cg
reference_id GHSA-r7x9-8ph7-w8cg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7x9-8ph7-w8cg
5
reference_url https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg
reference_id GHSA-r7x9-8ph7-w8cg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg
fixed_packages
0
url pkg:npm/agents@0.3.7
purl pkg:npm/agents@0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wfzh-76nh-subz
1
vulnerability VCID-xr1u-jyxs-ekdm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/agents@0.3.7
aliases CVE-2026-1664, GHSA-r7x9-8ph7-w8cg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hazd-1zmu-dubz
1
url VCID-wfzh-76nh-subz
vulnerability_id VCID-wfzh-76nh-subz
summary Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
references
0
reference_url https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093
1
reference_url https://github.com/advisories/GHSA-w5cr-2qhr-jqc5
reference_id GHSA-w5cr-2qhr-jqc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5cr-2qhr-jqc5
2
reference_url https://github.com/cloudflare/agents/security/advisories/GHSA-w5cr-2qhr-jqc5
reference_id GHSA-w5cr-2qhr-jqc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/agents/security/advisories/GHSA-w5cr-2qhr-jqc5
fixed_packages
0
url pkg:npm/agents@0.3.10
purl pkg:npm/agents@0.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/agents@0.3.10
aliases GHSA-w5cr-2qhr-jqc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzh-76nh-subz
2
url VCID-xr1u-jyxs-ekdm
vulnerability_id VCID-xr1u-jyxs-ekdm
summary
Summary

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.

Root cause

The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.

Impact

An attacker could craft a malicious link that, when clicked by a victim, would:

  *  Steal user chat message history - Access all LLM interactions stored in the user's session.
  *  Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf.

Mitigation:

  *  PR: https://github.com/cloudflare/agents/pull/841
  *  Agents-sdk users should upgrade to agents@0.3.10
  *  Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1721
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06619
published_at 2026-06-11T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06612
published_at 2026-06-14T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06629
published_at 2026-06-13T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06641
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1721
1
reference_url https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093
2
reference_url https://github.com/cloudflare/agents/pull/841
reference_id 841
reference_type
scores
0
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T13:10:24Z/
url https://github.com/cloudflare/agents/pull/841
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1721
reference_id CVE-2026-1721
reference_type
scores
0
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1721
4
reference_url https://github.com/advisories/GHSA-cvhv-6xm6-c3v4
reference_id GHSA-cvhv-6xm6-c3v4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvhv-6xm6-c3v4
fixed_packages
0
url pkg:npm/agents@0.3.10
purl pkg:npm/agents@0.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/agents@0.3.10
aliases CVE-2026-1721, GHSA-cvhv-6xm6-c3v4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xr1u-jyxs-ekdm
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/agents@0.0.81