CVE-2026-1721
Awaiting Analysis Awaiting Analysis - Queue
Reflected XSS in AI Playground OAuth Callback Enables Session Hijacking

Publication date: 2026-02-13

Last updated on: 2026-02-27

Assigner: Cloudflare, Inc.

Description
Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session. Root cause The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag. Impact An attacker could craft a malicious link that, when clicked by a victim, would: * Steal user chat message history - Access all LLM interactions stored in the user's session. * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf Mitigation: * PR:Β  https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 * Agents-sdk users should upgrade toΒ [email protected] * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-13
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1721
EUVD
EUVD-2026-6173
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cloudflare agents 0.3.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

This vulnerability is a Reflected Cross-Site Scripting (XSS) issue found in the AI Playground's OAuth callback handler. Specifically, the `error_description` query parameter is directly inserted into an HTML script tag without proper escaping. This allows attackers to inject and execute arbitrary JavaScript code within the victim's browser session.

Impact Analysis

An attacker can craft a malicious link that, when clicked by a victim, can execute arbitrary JavaScript in the victim's session context. This can lead to:

  • Stealing the user's chat message history, including all interactions with large language models stored in the session.
  • Accessing and interacting with connected MCP Servers linked to the victim's session, potentially allowing the attacker to perform actions on behalf of the victim.
Detection Guidance

This vulnerability involves a Reflected Cross-Site Scripting (XSS) attack via the OAuth callback handler's `error_description` query parameter being directly injected into an HTML script tag without escaping.

To detect this vulnerability on your system or network, you can monitor for suspicious OAuth callback URLs containing unusual or malicious script content in the `error_description` parameter.

You can use web proxy tools or network traffic inspection to capture OAuth callback requests and inspect the `error_description` parameter for unescaped script tags or suspicious payloads.

  • Use a web proxy like Burp Suite or OWASP ZAP to intercept OAuth callback requests and analyze the `error_description` parameter.
  • Run a curl command to simulate an OAuth callback with a crafted `error_description` parameter containing script tags to see if the response reflects unescaped script content, for example: curl -v 'https://yourdomain.com/oauth/callback?error_description=<script>alert(1)</script>'
  • Check server logs or application logs for any unusual error messages or script injection attempts in OAuth callback handling.
Mitigation Strategies

Immediate mitigation steps include upgrading to the fixed version of the software and ensuring proper escaping of user-controlled input in OAuth error handling.

  • Upgrade agents-sdk to version [email protected] or later, which includes the fix for this vulnerability.
  • Apply the patch from the official fix in Pull Request #841 (https://github.com/cloudflare/agents/pull/841) that introduces HTML escaping of OAuth error messages using the `escape-html` library.
  • If you are a developer using `configureOAuthCallback` with custom error handling, ensure that all user-controlled input, especially the `error_description` parameter, is properly escaped before being interpolated into HTML or scripts.

These steps prevent injection of malicious scripts and protect user sessions from being compromised via this reflected XSS vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1721. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart