@openai/agents-core is vulnerable to Improper Authorization
59
Medium Risk
The hostedMcpTool helper and tool-search loading in the core package build the hosted MCP require_approval policy without validating its shape. Unsupported policy strings, unknown object keys, malformed toolNames filters, and tools listed in both always and never are accepted and passed through unchanged. A malformed or contradictory approval policy can silently weaken or disable the human-in-the-loop approval gate so hosted MCP tool calls run without the intended approval. The fix adds a shared validator that normalizes the policy and rejects invalid or overlapping configurations.
You are affected if you are using a version that falls within the vulnerable range and configure hosted MCP tools with require_approval approval policies.
@openai/agents-core is vulnerable to Improper Authorization in versions 0.0.7 - 0.10.0.
Upgrade the @openai/agents-core and/or the @openai/agents library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant