CVE-2026-1721

Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
13/02/2026
Last modified:
13/02/2026

Description

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.

Root cause

The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.

Impact

An attacker could craft a malicious link that, when clicked by a victim, would:

* Steal user chat message history - Access all LLM interactions stored in the user's session.

* Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf.

Mitigation:

* PR: https://github.com/cloudflare/agents/pull/841

* Agents-sdk users should upgrade to agents@0.3.10

* Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
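The following is an added example, not code from the cloudflare/agents project or from the patch linked above. It contrasts the unsafe shape the advisory describes (a query-parameter value interpolated straight into an inline script) with a hardened version that serialises the value as a JSON string literal and escapes the characters that can terminate a script block, and it adds a simple check a developer can run over rendered output. The handler names, the `window.__authError` global and the sample `error_description` value are constructed for illustration.

```typescript
// Constructed sample of what error_description might carry after a failed OAuth
// flow. The "</script>" fragment is the edge case the fix must survive.
const SAMPLE_ERROR_DESCRIPTION =
  'access_denied: user cancelled </script><b>not</b> "quoted" \u2028 line';

// UNSAFE: mirrors the vulnerable pattern (value dropped into a script literal
// without escaping). Kept only as the "before" side of the comparison.
function renderCallbackUnsafe(authError: string): string {
  return `<script>window.__authError = "${authError}";</script>`;
}

// Serialise a string for embedding inside an inline <script>.
// JSON.stringify handles quotes and backslashes; the extra pass escapes <, >, &
// and the JS line terminators U+2028/U+2029, so the literal can never contain
// "</script>" or "<!--" and always parses as a single JS string.
function toSafeJsStringLiteral(value: string): string {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch: string) => {
    const hex = ch.charCodeAt(0).toString(16);
    return "\\u" + ("0000" + hex).slice(-4);
  });
}

// A second escaper for a second context: the same value shown as visible HTML.
function escapeHtml(value: string): string {
  return value
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// HARDENED: JS-literal escaping for the script, HTML escaping for the markup.
function renderCallbackSafe(authError: string): string {
  return (
    `<script>window.__authError = ${toSafeJsStringLiteral(authError)};</script>` +
    `<p class="error">${escapeHtml(authError)}</p>`
  );
}

// Defender-side check: the rendered page should contain exactly one "</script",
// the one the template itself emits. Any extra means the value broke out.
function scriptBlockIsIntact(html: string): boolean {
  const closers = html.toLowerCase().split("</script").length - 1;
  return closers === 1;
}

// Round trip: what the browser's JS parser recovers from the escaped literal.
function roundTrip(value: string): string {
  return JSON.parse(toSafeJsStringLiteral(value));
}
```

The point of the two escapers is that escaping is context specific: HTML entity encoding is the wrong tool inside a script literal (the HTML parser does not decode entities there), and a JS string escaper is the wrong tool for markup. The patch linked in the mitigation section is the authoritative fix; this example only shows the general shape of the check.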

References to Advisories, Solutions, and Tools