Description
Summary

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.




Root cause

The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.


Impact

An attacker could craft a malicious link that, when clicked by a victim, would:

* Steal user chat message history - Access all LLM interactions stored in the user's session.


* Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf.





Mitigation:

* PR: https://github.com/cloudflare/agents/pull/841




* Agents-sdk users should upgrade to agents@0.3.10




* Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
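
The root cause and the escaping advice above, as an added example (not code from `site/ai-playground/src/server.ts` or from PR 841): the same query value rendered raw and rendered through a script-context encoder. The function names, the `window.authError` assignment and the `playground.example` URLs are hypothetical or constructed.

```javascript
// Added example. All names here are hypothetical, not the project's own.

// Serialize a value for embedding inside an inline <script> element.
// JSON.stringify handles quotes and backslashes; the replacements keep the
// HTML parser from ever seeing "</script>" or "<!--" in the literal, and keep
// U+2028/U+2029 from acting as line terminators in older engines.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function readAuthError(callbackUrl) {
  return new URL(callbackUrl).searchParams.get("error_description") ?? "";
}

// The pattern the advisory describes: the value lands raw in a script string.
function renderUnsafe(callbackUrl) {
  const authError = readAuthError(callbackUrl);
  return `<script>window.authError = "${authError}";</script>`;
}

// Hardened form: the value is emitted as an encoded JavaScript string literal.
function renderSafe(callbackUrl) {
  const authError = readAuthError(callbackUrl);
  return `<script>window.authError = ${escapeForInlineScript(authError)};</script>`;
}

// How many times an HTML parser would see a script end tag in the response.
// A correctly encoded page has exactly one: the handler's own.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed inputs: a normal provider error, and a value containing a
// quote and a closing tag (inert marker text, no payload).
const BASE = "https://playground.example/callback?error_description=";
const benignUrl = BASE + "access_denied";
const breakoutValue = 'x";</script><i>marker';
const breakoutUrl = BASE + encodeURIComponent(breakoutValue);

console.log(renderUnsafe(breakoutUrl)); // two end tags: the string was escaped from
console.log(renderSafe(breakoutUrl));   // one end tag: value stays inside the literal
```

The encoded literal still evaluates to the original string, so error messages display unchanged for users while the markup-significant characters never reach the HTML parser.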
Published: 2026-02-13
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting enabling arbitrary JavaScript execution in a victim’s session
Action: Patch
AI Analysis

Impact

A reflected XSS flaw exists in the AI Playground OAuth callback handler where the error_description query parameter is directly interpolated into an inline <script> tag without any escaping. This allows an attacker to craft a malicious URL that, when opened by a target user, executes arbitrary JavaScript in the context of that user's session. Such code can read session data, harvest user chat history, and interact with any MCP servers the victim’s session is connected to, potentially executing actions on the victim’s behalf. The weakness is a classic CWE‑79 injection flaw.

Affected Systems

Cloudflare AI Playground components that rely on the Cloudflare Agents SDK prior to version 0.3.10. Users who have integrated the SDK and use the configureOAuthCallback function with custom error handling are affected. Upgrading the Agents SDK to 0.3.10 or later removes the vulnerable code path and fixes the interpolation issue.

Risk and Exploitability

The CVSS score is 6.2, indicating a medium severity. EPSS is below 1%, suggesting a low yet non‑zero likelihood of exploitation; the vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. The attack vector requires a victim to click a specially crafted link, so it is a typical phishing or social engineering scenario. Once executed, the attacker can execute JavaScript in the victim’s browser, compromising confidentiality, integrity, and availability of the session data. The overall risk remains moderate due to the lack of widespread exploitation and the need for user interaction.

Generated by OpenCVE AI on April 17, 2026 at 19:55 UTC.

Remediation

Vendor Solution

* PR: https://github.com/cloudflare/agents/pull/841
* Agents-sdk users should upgrade to `agents@0.3.10`
* Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.


OpenCVE Recommended Actions

  • Upgrade the Cloudflare Agents SDK to version 0.3.10 or newer to apply the official patch that removes the unsafe interpolation.
  • If you cannot immediately upgrade, modify your OAuth callback handling to escape all user‑controlled input before inserting it into HTML, especially the error_description parameter, thereby preventing script injection.
  • For applications that use configureOAuthCallback with custom error handling, ensure that any data derived from query parameters is properly encoded or sanitized before use in the user interface.



Advisories
| Source | ID | Title |
|---|---|---|
| Github GHSA | GHSA-cvhv-6xm6-c3v4 | Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler |

History

Fri, 27 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Cloudflare
Cloudflare agents Sdk
Vendors & Products Cloudflare
Cloudflare agents Sdk

Fri, 13 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Feb 2026 02:30:00 +0000

Type Values Removed Values Added
Description Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session. Root cause The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag. Impact An attacker could craft a malicious link that, when clicked by a victim, would: * Steal user chat message history - Access all LLM interactions stored in the user's session. * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf Mitigation: * PR: https://github.com/cloudflare/agents/pull/841 * Agents-sdk users should upgrade to agents@0.3.10 * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
Title Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
References
Metrics cvssV4_0

{'score': 6.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: cloudflare

Published:

Updated: 2026-02-27T14:51:31.817Z

Reserved: 2026-01-30T20:12:22.668Z

Link: CVE-2026-1721

Vulnrichment

Updated: 2026-02-13T13:10:31.049Z

NVD

Status : Deferred

Published: 2026-02-13T03:15:52.467

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1721

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T20:00:09Z

Weaknesses