CVE-2026-42073
Authentication Bypass in OpenClaude MCP Server

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down without knowing the state value at all. This issue has been patched in version 0.5.1.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-03
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Cross-references: NVD, EUVD
Affected Vendors & Products
Vendor: gitlawb
Product: openclaude
Version / Range: up to 0.5.1 (excluding 0.5.1)
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Executive Summary

CVE-2026-42073 is a vulnerability in the OpenClaude MCP authentication flow where an attacker can bypass the OAuth state validation check due to a logic flaw in handling error parameters.

Specifically, the local OAuth callback server starts a temporary HTTP server to handle OAuth callbacks and validates a state parameter to prevent CSRF attacks. However, if an error parameter is present in the request, the state validation is skipped entirely, allowing an attacker to force the server to shut down without knowing the state value.

This flaw allows an attacker to remotely trigger a denial of service by terminating the user's active authentication session through a malicious cross-origin request.
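The ordering flaw described above, reconstructed as an added illustration in Python. This is not OpenClaude's code: the handler shape, the `/callback` path, the return type and the way shutdown is signalled are assumptions; only the `state`, `code` and `error` parameter names come from the advisory. The vulnerable handler consults `error` before it has checked `state`, so a request carrying only `?error=` stops the server; the hardened handler validates `state` first and keeps listening when it does not match.

```python
import hmac
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class CallbackResult:
    status: int      # HTTP status the local callback server would answer with
    shutdown: bool   # True if the temporary server stops listening after this request
    reason: str


def parse_callback(url: str) -> dict:
    """Return the single-valued query parameters of a callback URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}


def state_matches(received: str, expected: str) -> bool:
    """Constant-time comparison of the callback state against the stored value."""
    return hmac.compare_digest(received.encode(), expected.encode())


def handle_vulnerable(url: str, expected_state: str) -> CallbackResult:
    """Assumed pre-0.5.1 ordering: the error branch runs before the state check,
    so any request with an error parameter shuts the server down without
    knowing the stored state value."""
    params = parse_callback(url)
    if "error" in params:
        return CallbackResult(400, True, f"provider error: {params['error']}")
    if not state_matches(params.get("state", ""), expected_state):
        return CallbackResult(400, False, "state mismatch")
    if "code" in params:
        return CallbackResult(200, True, "authorization code received")
    return CallbackResult(400, False, "missing code")


def handle_fixed(url: str, expected_state: str) -> CallbackResult:
    """Hardened ordering: validate state before acting on anything else. A
    request with a missing or wrong state is rejected and the server keeps
    waiting for the genuine callback, so an error-only request cannot end the
    user's authentication attempt."""
    params = parse_callback(url)
    if not state_matches(params.get("state", ""), expected_state):
        return CallbackResult(400, False, "state mismatch")
    if "error" in params:
        return CallbackResult(400, True, f"provider error: {params['error']}")
    if "code" in params:
        return CallbackResult(200, True, "authorization code received")
    return CallbackResult(400, False, "missing code")


if __name__ == "__main__":
    expected = "7f3c9e"  # constructed stand-in for the internally stored state
    forged = "http://127.0.0.1:8080/callback?error=access_denied"
    genuine = "http://127.0.0.1:8080/callback?code=abc123&state=7f3c9e"
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        print(name, "forged  ->", handler(forged, expected))
        print(name, "genuine ->", handler(genuine, expected))
```

The only difference between the two handlers is the position of the `state` check; every request, including one that reports a provider error, must prove it belongs to the pending flow before it is allowed to have any effect on the server's lifecycle.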

Impact Analysis

This vulnerability can impact you by causing a Denial of Service (DoS) during the OAuth authentication process.

An attacker can remotely force the local OAuth callback server to shut down, terminating your active authentication session without needing any authentication or knowledge of the state parameter.

This disruption affects availability, preventing successful authentication and potentially blocking access to services relying on OpenClaude's authentication flow.

Detection Guidance

This vulnerability involves the OpenClaude MCP authentication flow where the local OAuth callback server improperly handles requests containing an error parameter, causing it to shut down unexpectedly.

To detect exploitation attempts on your system or network, monitor for unexpected shutdowns or interruptions of the OpenClaude local OAuth callback server during authentication flows.

You can also inspect HTTP requests to the local OAuth callback server for an error query parameter (e.g., ?error=anything), since vulnerable versions act on it before state validation.

Suggested commands include using network monitoring or packet capture tools to filter such requests. For example, using tcpdump or tshark to capture HTTP requests to the local server port and filter for "error" parameters:

  • tcpdump -i <interface> -A 'tcp port <local_oauth_port> and (((tcp[((tcp[12:1] & 0xf0) >> 2):4]) = 0x47455420))' | grep 'error='
  • tshark -i <interface> -Y 'http.request.uri contains "error=" and tcp.port == <local_oauth_port>'

Replace <interface> with your network interface and <local_oauth_port> with the port used by the OpenClaude local OAuth callback server.

Additionally, reviewing OpenClaude logs for unexpected server shutdowns or error parameter handling anomalies can help detect attempts to exploit this vulnerability.
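A log-side check for the same condition, added here as an example rather than taken from OpenClaude or the advisory. It scans access-log lines in common log format for requests to the callback path whose query carries an error parameter, and records whether a state parameter accompanied it. The log lines, the `/callback` path and port 8080 are constructed for the example; the real callback path and port are whatever the local OpenClaude server uses.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (common log format). Path and port are assumptions.
SAMPLE_LOG = """\
127.0.0.1 - - [02/Jun/2026:10:15:01 +0000] "GET /callback?code=abc123&state=7f3c9e HTTP/1.1" 200 12
127.0.0.1 - - [02/Jun/2026:10:15:07 +0000] "GET /callback?error=access_denied HTTP/1.1" 400 0
127.0.0.1 - - [02/Jun/2026:10:15:09 +0000] "GET /callback?error=foo&state=bogus HTTP/1.1" 400 0
127.0.0.1 - - [02/Jun/2026:10:15:12 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_error_callbacks(log_text: str, callback_path: str = "/callback") -> list:
    """Return one finding per request to the callback path that carries an
    error parameter. Requests without any state value are the clearest sign of
    a forged callback, since a real provider redirect echoes the state back."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        parts = urlsplit(m["target"])
        if parts.path != callback_path:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        if "error" not in query:
            continue
        findings.append({
            "ts": m["ts"],
            "src": m["ip"],
            "error": query["error"][0],
            "has_state": "state" in query,
            "status": int(m["status"]),
        })
    return findings


def summarize(findings: list) -> str:
    """Short human-readable summary suitable for an alert body."""
    lines = []
    for f in findings:
        flag = "NO STATE" if not f["has_state"] else "state present"
        lines.append(f"{f['ts']} {f['src']} error={f['error']} ({flag}, HTTP {f['status']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(find_error_callbacks(SAMPLE_LOG)))
```

On a vulnerable version, an error-bearing callback request that coincides with the local server stopping is the event to correlate with; on a patched version the same request should be rejected for a state mismatch while the server keeps running.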

Mitigation Strategies

The primary mitigation is to upgrade OpenClaude to version 0.5.1 or later, where the vulnerability has been patched by enforcing proper OAuth state validation before processing any error parameters.

Until you can upgrade, consider restricting access to the local OAuth callback server to trusted clients only, for example by firewalling or limiting network exposure to prevent remote malicious requests.

Monitor and audit authentication flows for unexpected shutdowns or interruptions, and educate users to avoid interacting with suspicious web pages that could trigger malicious OAuth callback requests.

Review and apply any additional security controls related to sandbox permissions and trusted approvals as indicated in the v0.5.1 release notes to reduce attack surface.

Compliance Impact

The vulnerability in OpenClaude MCP's OAuth callback flow allows an attacker to bypass CSRF protections and cause a denial of service by shutting down the local OAuth server. This disrupts the availability of the authentication service.

While the vulnerability impacts availability (a component of security standards), there is no direct information indicating it leads to unauthorized access, data leakage, or compromise of personal data that would affect compliance with regulations such as GDPR or HIPAA.

Therefore, the main compliance concern would be related to availability requirements under these standards, but no explicit impact on confidentiality or integrity is described.
