CVE-2026-1721 (GCVE-0-2026-1721)
Vulnerability from cvelistv5 – Published: 2026-02-13 01:46 – Updated: 2026-02-13 13:14
VLAI?
Title
Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.
Root cause
The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.
Impact
An attacker could craft a malicious link that, when clicked by a victim, would:
* Steal user chat message history - Access all LLM interactions stored in the user's session.
* Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf
Mitigation:
* PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841
* Agents-sdk users should upgrade to agents@0.3.10
* Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
Severity ?
Assigner
References
Credits
Nishant Kumawat
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T13:10:24.218273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T13:14:26.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/cloudflare",
"defaultStatus": "unaffected",
"packageName": "agents",
"repo": "https://github.com/cloudflare/agents",
"versions": [
{
"lessThan": "0.3.10",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nishant Kumawat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cb\u003eSummary\u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground\u0027s OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim\u0027s session.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cb\u003eRoot cause\u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `\u0026lt;script\u0026gt;` tag.\u003c/span\u003e\u003c/p\u003e\u003cb\u003e\u003cbr\u003e\u003c/b\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cb\u003eImpact\u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn attacker could craft a malicious link that, when clicked by a victim, would:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSteal user chat message history - Access all LLM interactions stored in the user\u0027s session.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAccess connected MCP Servers - Interact with any MCP servers connected to the victim\u0027s session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim\u0027s behalf\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMitigation:\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003ePR:\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/agents/pull/841\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://github.com/cloudflare/agents/pull/841\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAgents-sdk users should upgrade to\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eagents@0.3.10\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDevelopers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground\u0027s OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim\u0027s session.\n\n\n\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `\u003cscript\u003e` tag.\n\n\nImpact\n\nAn attacker could craft a malicious link that, when clicked by a victim, would:\n\n * Steal user chat message history - Access all LLM interactions stored in the user\u0027s session.\n\n\n * Access connected MCP Servers - Interact with any MCP servers connected to the victim\u0027s session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim\u0027s behalf\n\n\n\n\n\nMitigation:\n\n * PR:\u00a0 https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to\u00a0agents@0.3.10\n\n\n\n\n * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T01:48:24.571Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/agents/pull/841"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003ePR: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/agents/pull/841\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://github.com/cloudflare/agents/pull/841\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAgents-sdk users should upgrade to `\u003c/span\u003e\u003ccode\u003e\u003cspan style=\"background-color: transparent;\"\u003eagents@0.3.10`\u003c/span\u003e\u003c/code\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDevelopers using `\u003c/span\u003econfigureOAuthCallback`\u003cspan style=\"background-color: transparent;\"\u003e with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to `agents@0.3.10`\n\n\n * Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2026-1721",
"datePublished": "2026-02-13T01:46:48.674Z",
"dateReserved": "2026-01-30T20:12:22.668Z",
"dateUpdated": "2026-02-13T13:14:26.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-1721\",\"sourceIdentifier\":\"cna@cloudflare.com\",\"published\":\"2026-02-13T03:15:52.467\",\"lastModified\":\"2026-02-13T14:23:48.007\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Summary\\n\\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground\u0027s OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim\u0027s session.\\n\\n\\n\\n\\nRoot cause\\n\\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `\u003cscript\u003e` tag.\\n\\n\\nImpact\\n\\nAn attacker could craft a malicious link that, when clicked by a victim, would:\\n\\n * Steal user chat message history - Access all LLM interactions stored in the user\u0027s session.\\n\\n\\n * Access connected MCP Servers - Interact with any MCP servers connected to the victim\u0027s session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim\u0027s behalf\\n\\n\\n\\n\\n\\nMitigation:\\n\\n * PR:\u00a0 https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \\n\\n\\n\\n\\n * Agents-sdk users should upgrade to\u00a0agents@0.3.10\\n\\n\\n\\n\\n * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@cloudflare.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"references\":[{\"url\":\"https://github.com/cloudflare/agents/pull/841\",\"source\":\"cna@cloudflare.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1721\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-13T13:10:24.218273Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-13T13:10:31.049Z\"}}], \"cna\": {\"title\": \"Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Nishant Kumawat\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/cloudflare/agents\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.3.10\", \"versionType\": \"git\"}], \"packageName\": \"agents\", \"collectionURL\": \"https://github.com/cloudflare\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"* PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \\n\\n\\n\\n\\n * Agents-sdk users should upgrade to `agents@0.3.10`\\n\\n\\n * Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ePR: \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/cloudflare/agents/pull/841\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://github.com/cloudflare/agents/pull/841\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eAgents-sdk users should upgrade to `\u003c/span\u003e\u003ccode\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eagents@0.3.10`\u003c/span\u003e\u003c/code\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eDevelopers using `\u003c/span\u003econfigureOAuthCallback`\u003cspan style=\\\"background-color: transparent;\\\"\u003e with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://github.com/cloudflare/agents/pull/841\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Summary\\n\\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground\u0027s OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim\u0027s session.\\n\\n\\n\\n\\nRoot cause\\n\\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `\u003cscript\u003e` tag.\\n\\n\\nImpact\\n\\nAn attacker could craft a malicious link that, when clicked by a victim, would:\\n\\n * Steal user chat message history - Access all LLM interactions stored in the user\u0027s session.\\n\\n\\n * Access connected MCP Servers - Interact with any MCP servers connected to the victim\u0027s session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim\u0027s behalf\\n\\n\\n\\n\\n\\nMitigation:\\n\\n * PR:\\u00a0 https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \\n\\n\\n\\n\\n * Agents-sdk users should upgrade to\\u00a0agents@0.3.10\\n\\n\\n\\n\\n * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cb\u003eSummary\u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground\u0027s OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim\u0027s session.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cb\u003eRoot cause\u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `\u0026lt;script\u0026gt;` tag.\u003c/span\u003e\u003c/p\u003e\u003cb\u003e\u003cbr\u003e\u003c/b\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cb\u003eImpact\u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eAn attacker could craft a malicious link that, when clicked by a victim, would:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eSteal user chat message history - Access all LLM interactions stored in the user\u0027s session.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eAccess connected MCP Servers - Interact with any MCP servers connected to the victim\u0027s session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim\u0027s behalf\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u003cb\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eMitigation:\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ePR:\u0026nbsp;\u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/cloudflare/agents/pull/841\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://github.com/cloudflare/agents/pull/841\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eAgents-sdk users should upgrade to\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eagents@0.3.10\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eDevelopers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"a22f1246-ba21-4bb4-a601-ad51614c1513\", \"shortName\": \"cloudflare\", \"dateUpdated\": \"2026-02-13T01:48:24.571Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1721\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-13T13:14:26.837Z\", \"dateReserved\": \"2026-01-30T20:12:22.668Z\", \"assignerOrgId\": \"a22f1246-ba21-4bb4-a601-ad51614c1513\", \"datePublished\": \"2026-02-13T01:46:48.674Z\", \"assignerShortName\": \"cloudflare\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…