Github
CVE-2026-1721
Lifecycle Timeline
3Blast Radius
ecosystem impact- 18 npm packages depend on agents (18 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.3.10.
DescriptionCVE.org
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The error_description query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.
Root cause
The OAuth callback handler in site/ai-playground/src/server.ts directly interpolated the authError value, sourced from the error_description query parameter, into an inline <script> tag.
Impact
An attacker could craft a malicious link that, when clicked by a victim, would:
- Steal user chat message history - Access all LLM interactions stored in the user's session.
- Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf
Mitigation:
- PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841
- Agents-sdk users should upgrade to agents@0.3.10
- Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
AnalysisAI
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Summary
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The error_description query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.
Root cause
The OAuth callback handler in site/ai-playground/src/server.ts directly interpolated the authError value, sourced from the error_description query p
Affected ProductsAI
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The error_description qu
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.
Supply chain vulnerability in Eclipse Theia GitHub Actions workflow. The preview.yml workflow uses pull_request_target w
Supply chain attack vector in OpenLIT GitHub Actions workflows. The pull_request_target trigger with checkout enables ma
Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling a
Unauthenticated infrastructure overwrite in Hoppscotch API development ecosystem before 2026.2.0. Attackers can overwrit
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCrede
OneUptime versions prior to 10.0.19 allow unauthenticated attackers to hijack GitHub App integrations across projects by
PolarLearn versions 0-PRERELEASE-15 and earlier lack proper state parameter validation in OAuth 2.0 authentication, enab
Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore i
Authenticated users in OpenEMR through version 8.0.0 can access and modify eye exam records belonging to other patients
Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package dire
Reflected XSS in Repostat's RepoCard React component prior to version 1.0.1 allows attackers to execute arbitrary JavaSc
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-cvhv-6xm6-c3v4