CNNVD-202602-454 Information
CNNVD ID
CNNVD-202602-454
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Cloudflare Agents是Cloudflare开源的一个在Cloudflare上构建和部署AI代理的工具。 Cloudflare Agents存在安全漏洞,该漏洞源于createHeaderBasedEmailResolver函数解析Message-ID和References标头时缺乏验证,可能导致不安全的直接对象引用攻击,使攻击者可将入站邮件路由至任意Durable Object实例和命名空间。
Description (English)
Cloudflare Ages is an open-source tool for building and deploying AI agents on Cloudflare. There is a security loophole in Cloudflare Agents, which stems from the lack of authentication in the analysis of the Message-ID and Reference markers in the function of CreateHeaderBasedEmailResolver, which may lead to an unsafe direct target reference attack, allowing the assailant to access the station by e-mail to any instance of Durable Object and to name space.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cloudflare
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/cloudflare/agents https://access.redhat.com/security/cve/cve-2026-1664
Patch
https://github.com/cloudflare/agents/releases
Share on: