Description
Summary

An Insecure Direct Object Reference has been found to exist in the `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without proper validation or origin checks, allowing an external attacker with control of these headers to route inbound mail to arbitrary Durable Object instances and namespaces.

Root cause

The `createHeaderBasedEmailResolver()` function lacks cryptographic verification or origin validation for the headers used in the routing logic, effectively allowing external input to dictate internal object routing.
Impact

Insecure Direct Object Reference (IDOR) in email routing lets an attacker steer inbound mail to arbitrary Agent instances via spoofed Message-ID.
Mitigation:

* PR: https://github.com/cloudflare/agents/blob/main/docs/email.md provides the necessary architectural context for coding agents to mitigate the issue by refactoring the resolver to enforce strict identity boundaries.
* Agents-sdk users should upgrade to agents@0.3.7
Published: 2026-02-03
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Insecure Direct Object Reference enabling arbitrary routing of inbound mail to Agent instances
Action: Update SDK
AI Analysis

Impact

The Cloudflare Agents SDK’s createHeaderBasedEmailResolver function parses the Message-ID and References headers without proper validation, allowing an attacker who controls those headers to specify any agentName or agentId. By spoofing these headers, the attacker can redirect inbound email traffic to arbitrary Durable Object instances or namespaces, potentially causing unsolicited processing, data exposure, or unintended command execution within those instances.

Affected Systems

The vulnerability affects any deployment of the Cloudflare Agents SDK that uses the createHeaderBasedEmailResolver function, including versions prior to agents@0.3.7. Users of older or unpatched instances are at risk, regardless of the particular namespace or application configuration.

Risk and Exploitability

The CVSS base score is 6.9, indicating moderate severity. The EPSS score is below 1%, suggesting a very low probability of observed exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an attacker to send a crafted email with specific header values; therefore, the attack surface is limited to systems that accept inbound mail through the SDK’s email routing logic.

Generated by OpenCVE AI on April 18, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Cloudflare Agents SDK to version 0.3.7 or later to apply the official fix for the IDOR issue.
  • Refactor the createHeaderBasedEmailResolver according to the guidance in the project’s email documentation, ensuring strict identity checks and, if possible, cryptographic verification of routing headers.
  • Validate or sign inbound email headers before they influence routing logic; consider disabling email routing for services that do not require it or isolating the agents in a protected namespace.
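The root cause above (a resolver that takes agentName and agentId straight from sender-controlled headers) and the recommendation to validate or sign routing headers can be illustrated side by side. The following is an added example written for this advisory, not code from the Cloudflare Agents SDK: the `<agentName+agentId@domain>` and `<agentName+agentId+tag@domain>` header layouts, the `AgentRoute` type, and the function names are this example's own assumptions. The hardened resolver only honours a routing tuple whose HMAC tag was minted by the server when the agent sent the original mail, whose domain is the server's own, and whose agent namespace is allow-listed.

```typescript
// Added example for this advisory; not code from the Cloudflare Agents SDK.
// It contrasts a resolver that trusts the routing tuple embedded in
// Message-ID/References (the CWE-639 pattern) with one that accepts the tuple
// only when it carries a server-minted HMAC tag and the expected domain.
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical routing target; field names are this example's, not the SDK's.
export interface AgentRoute {
  agentName: string;
  agentId: string;
}

// Lower-cased header name -> raw value, a minimal stand-in for a parsed message.
export type MailHeaders = Record<string, string | undefined>;

// Collect every <...> token from Message-ID and References, in that order.
function routingCandidates(headers: MailHeaders): string[] {
  const refs = (headers["references"] ?? "").split(/\s+/).filter((t) => t.length > 0);
  const mid = headers["message-id"];
  return mid ? [mid, ...refs] : refs;
}

// Assumed unsigned layout: <agentName+agentId@domain>
const UNSIGNED_RE = /^<([^+@>]+)\+([^+@>]+)@[^>]+>$/;

// Vulnerable pattern: whoever controls the header controls the route.
export function naiveResolve(headers: MailHeaders): AgentRoute | null {
  for (const token of routingCandidates(headers)) {
    const m = UNSIGNED_RE.exec(token);
    if (m) return { agentName: m[1], agentId: m[2] };
  }
  return null;
}

// Assumed signed layout: <agentName+agentId+tag@domain>, where tag is the first
// 32 hex chars of HMAC-SHA256(secret, "agentName+agentId"), minted on send.
const SIGNED_RE = /^<([^+@>]+)\+([^+@>]+)\+([0-9a-f]{32})@([^>]+)>$/;

export function routeTag(route: AgentRoute, secret: string): string {
  return createHmac("sha256", secret)
    .update(`${route.agentName}+${route.agentId}`)
    .digest("hex")
    .slice(0, 32);
}

// Outbound side: the only place a valid tag is ever produced.
export function makeMessageId(route: AgentRoute, domain: string, secret: string): string {
  return `<${route.agentName}+${route.agentId}+${routeTag(route, secret)}@${domain}>`;
}

// Inbound side: origin check (own domain), identity boundary (allow-listed agent
// namespaces) and constant-time tag verification before any routing happens.
export function verifiedResolve(
  headers: MailHeaders,
  domain: string,
  secret: string,
  allowedAgents: ReadonlySet<string>,
): AgentRoute | null {
  for (const token of routingCandidates(headers)) {
    const m = SIGNED_RE.exec(token);
    if (!m || m[4] !== domain || !allowedAgents.has(m[1])) continue;
    const route: AgentRoute = { agentName: m[1], agentId: m[2] };
    const expected = Buffer.from(routeTag(route, secret), "hex");
    const presented = Buffer.from(m[3], "hex");
    if (expected.length === presented.length && timingSafeEqual(expected, presented)) {
      return route;
    }
  }
  return null; // hand off to a default or bounce handler, never to a guessed route
}
```

With this shape, a sender who fabricates `Message-ID` or `References` can still name any agent and id, but without the server's secret cannot produce a tag that verifies, so `verifiedResolve` returns `null` and the mail never reaches a Durable Object chosen by the sender. The allow-list keeps a genuine tag for one agent namespace from being replayed against another, and the domain check rejects tokens minted for a different deployment.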

Advisories
Source: Github GHSA
ID: GHSA-r7x9-8ph7-w8cg
Title: Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
References
History

Wed, 04 Feb 2026 12:15:00 +0000

Type: First Time appeared; Values Added: Cloudflare, Cloudflare agents Sdk
Type: Vendors & Products; Values Added: Cloudflare, Cloudflare agents Sdk

Tue, 03 Feb 2026 15:15:00 +0000

Type: Metrics (ssvc); Values Added:
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Feb 2026 13:15:00 +0000

Type: Description; Values Added:
Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without proper validation or origin checks, allowing an external attacker with control of these headers to route inbound mail to arbitrary Durable Object instances and namespaces . Root cause The `createHeaderBasedEmailResolver()` function lacks cryptographic verification or origin validation for the headers used in the routing logic, effectively allowing external input to dictate internal object routing. Impact Insecure Direct Object Reference (IDOR) in email routing lets an attacker steer inbound mail to arbitrary Agent instances via spoofed Message-ID. Mitigation: * PR: https://github.com/cloudflare/agents/blob/main/docs/email.md ] provides the necessary architectural context for coding agents to mitigate the issue by refactoring the resolver to enforce strict identity boundaries. * Agents-sdk users should upgrade to agents@0.3.7
Type: Title; Values Added: Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Type: Weaknesses; Values Added: CWE-639
Type: References
Type: Metrics (cvssV4_0); Values Added:
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: cloudflare

Published:

Updated: 2026-02-03T14:46:36.842Z

Reserved: 2026-01-29T21:09:21.411Z

Link: CVE-2026-1664

Vulnrichment

Updated: 2026-02-03T14:39:52.994Z

NVD

Status: Deferred

Published: 2026-02-03T12:16:11.953

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1664

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T00:30:25Z

Weaknesses