CVE-2026-1721
Reflected XSS in AI Playground OAuth Callback Enables Session Hijacking
Publication date: 2026-02-13
Last updated on: 2026-02-27
Assigner: Cloudflare, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloudflare | agents | 0.3.10 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Reflected Cross-Site Scripting (XSS) issue found in the AI Playground's OAuth callback handler. Specifically, the `error_description` query parameter is directly inserted into an HTML script tag without proper escaping. This allows attackers to inject and execute arbitrary JavaScript code within the victim's browser session.
How can this vulnerability impact me?
An attacker can craft a malicious link that, when clicked by a victim, can execute arbitrary JavaScript in the victim's session context. This can lead to:
- Stealing the user's chat message history, including all interactions with large language models stored in the session.
- Accessing and interacting with connected MCP Servers linked to the victim's session, potentially allowing the attacker to perform actions on behalf of the victim.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Reflected Cross-Site Scripting (XSS) flaw: the OAuth callback handler injects the `error_description` query parameter directly into an HTML script tag without escaping.
To detect this vulnerability on your system or network, you can monitor for suspicious OAuth callback URLs containing unusual or malicious script content in the `error_description` parameter.
You can use web proxy tools or network traffic inspection to capture OAuth callback requests and inspect the `error_description` parameter for unescaped script tags or suspicious payloads.
- Use a web proxy like Burp Suite or OWASP ZAP to intercept OAuth callback requests and analyze the `error_description` parameter.
- Run a curl command to simulate an OAuth callback with a crafted `error_description` parameter containing script tags to see if the response reflects unescaped script content, for example: `curl -v 'https://yourdomain.com/oauth/callback?error_description=<script>alert(1)</script>'`
- Check server logs or application logs for any unusual error messages or script injection attempts in OAuth callback handling.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading to the fixed version of the software and ensuring proper escaping of user-controlled input in OAuth error handling.
- Upgrade agents-sdk to version [email protected] or later, which includes the fix for this vulnerability.
- Apply the patch from the official fix in Pull Request #841 (https://github.com/cloudflare/agents/pull/841) that introduces HTML escaping of OAuth error messages using the `escape-html` library.
- If you are a developer using `configureOAuthCallback` with custom error handling, ensure that all user-controlled input, especially the `error_description` parameter, is properly escaped before being interpolated into HTML or scripts.
These steps prevent injection of malicious scripts and protect user sessions from being compromised via this reflected XSS vulnerability.
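The escaping requirement in the last step above, as an added example (not code from cloudflare/agents or its fix): a hypothetical callback error page rendered unsafely, then with an encoder matched to each output context. `renderErrorUnsafe`, `renderErrorSafe`, `toScriptLiteral`, the `window.oauthError` variable and the local `escapeHtml` stand-in for the `escape-html` package are assumptions made for illustration.

```javascript
// Added example: hypothetical names, not code from cloudflare/agents.

// VULNERABLE pattern described on this page: the raw query value is
// concatenated into an inline <script>, so markup or quotes inside
// error_description change the structure of the page.
function renderErrorUnsafe(errorDescription) {
  return `<script>window.oauthError = "${errorDescription}";</script>`;
}

// Local stand-in for the five-character escaping done by `escape-html`.
// Correct for HTML text and quoted attribute values.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Encoder for a value placed inside an inline <script>: JSON.stringify
// yields a quoted JS string literal (quotes, backslashes and newlines
// escaped); <, >, & and the U+2028/U+2029 line separators are then
// written as \uXXXX so the HTML parser never sees a tag in the data.
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// HARDENED rendering: each sink gets the encoder for its own context.
function renderErrorSafe(errorDescription) {
  return (
    `<p id="oauth-error">${escapeHtml(errorDescription)}</p>` +
    `<script>window.oauthError = ${toScriptLiteral(errorDescription)};</script>`
  );
}

// Constructed input, taken from the curl check earlier on this page.
const sample = "<script>alert(1)</script>";
console.log(renderErrorUnsafe(sample));
console.log(renderErrorSafe(sample));
```

The script-context encoder keeps the original text recoverable: `JSON.parse(toScriptLiteral(x))` returns `x`, so the page can still display the provider's message as data.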
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know