VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-hazd-1zmu-dubz

Essentials
Severities (15)
References (6)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-hazd-1zmu-dubz
Aliases	CVE-2026-1664 GHSA-r7x9-8ph7-w8cg
Summary	Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without proper validation or origin checks, allowing an external attacker with control of these headers to route inbound mail to arbitrary Durable Object instances and namespaces . Root cause The `createHeaderBasedEmailResolver()` function lacks cryptographic verification or origin validation for the headers used in the routing logic, effectively allowing external input to dictate internal object routing. Impact Insecure Direct Object Reference (IDOR) in email routing lets an attacker steer inbound mail to arbitrary Agent instances via spoofed Message-ID. Mitigation: * PR: https://github.com/cloudflare/agents/blob/main/docs/email.md ] provides the necessary architectural context for coding agents to mitigate the issue by refactoring the resolver to enforce strict identity boundaries. * Agents-sdk users should upgrade to agents@0.3.7
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-639	Authorization Bypass Through User-Controlled Key
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-1664
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-1664
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-1664
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-1664
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-r7x9-8ph7-w8cg
cvssv4	6.9	https://github.com/cloudflare/agents
generic_textual	MODERATE	https://github.com/cloudflare/agents
ssvc	Track	https://github.com/cloudflare/agents
cvssv4	6.9	https://github.com/cloudflare/agents/blob/main/docs/email.md
generic_textual	MODERATE	https://github.com/cloudflare/agents/blob/main/docs/email.md
cvssv3.1_qr	MODERATE	https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg
cvssv4	6.9	https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg
generic_textual	MODERATE	https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg
cvssv4	6.9	https://nvd.nist.gov/vuln/detail/CVE-2026-1664
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2026-1664

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2026-1664
		https://github.com/cloudflare/agents/blob/main/docs/email.md
agents		https://github.com/cloudflare/agents
CVE-2026-1664		https://nvd.nist.gov/vuln/detail/CVE-2026-1664
GHSA-r7x9-8ph7-w8cg		https://github.com/advisories/GHSA-r7x9-8ph7-w8cg
GHSA-r7x9-8ph7-w8cg		https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg

No exploits are available.

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Found at https://github.com/cloudflare/agents

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T14:38:24Z/ Found at https://github.com/cloudflare/agents

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Found at https://github.com/cloudflare/agents/blob/main/docs/email.md

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Found at https://github.com/cloudflare/agents/security/advisories/GHSA-r7x9-8ph7-w8cg

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-1664

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.06737
EPSS Score	0.00023
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:50:09.633104+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2026/1xxx/CVE-2026-1664.json	38.6.0