CVE-2026-1721 - Vulnerability Details

Link	Providers
https://github.com/cloudflare/agents/pull/841

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session. Root cause The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag. Impact An attacker could craft a malicious link that, when clicked by a victim, would: * Steal user chat message history - Access all LLM interactions stored in the user's session. * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf Mitigation: * PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 * Agents-sdk users should upgrade to [email protected] * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
Title		Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
References		https://github.com/cloudflare/agents/pull/841
Metrics		cvssV4_0 `{'score': 6.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1721", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2026-01-30T20:12:22.668Z", "datePublished": "2026-02-13T01:46:48.674Z", "dateUpdated": "2026-02-13T13:14:26.837Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/cloudflare", "defaultStatus": "unaffected", "packageName": "agents", "repo": "https://github.com/cloudflare/agents", "versions": [{"lessThan": "0.3.10", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Nishant Kumawat"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SummaryA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session. Root causeThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag. ImpactAn attacker could craft a malicious link that, when clicked by a victim, would:<ol><li>Steal user chat message history - Access all LLM interactions stored in the user's session.</li><li>Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf</li></ol><div> Mitigation:<ul><li>PR: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/agents/pull/841\">https://github.com/cloudflare/agents/pull/841</a></li></ul><ul><li>Agents-sdk users should upgrade to [email protected]</li></ul><ul><li>Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.</li></ul></div> "}], "value": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.\n\n\n\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.\n\n\nImpact\n\nAn attacker could craft a malicious link that, when clicked by a victim, would:\n\n * Steal user chat message history - Access all LLM interactions stored in the user's session.\n\n\n * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf\n\n\n\n\n\nMitigation:\n\n * PR:\u00a0 https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to\[email protected]\n\n\n\n\n * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.2, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2026-02-13T01:48:24.571Z"}, "references": [{"url": "https://github.com/cloudflare/agents/pull/841"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>PR: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/agents/pull/841\">https://github.com/cloudflare/agents/pull/841</a></li></ul><ul><li>Agents-sdk users should upgrade to `<code>[email protected]`</code></li><li>Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.</li></ul>"}], "value": "* PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to `[email protected]`\n\n\n * Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation."}], "source": {"discovery": "UNKNOWN"}, "title": "Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T13:10:24.218273Z", "id": "CVE-2026-1721", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T13:14:26.837Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1721", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-13T13:10:24.218273Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T13:10:31.049Z"}}], "cna": {"title": "Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Nishant Kumawat"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/cloudflare/agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0.3.10", "versionType": "git"}], "packageName": "agents", "collectionURL": "https://github.com/cloudflare", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "* PR: https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to `[email protected]`\n\n\n * Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>PR: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/agents/pull/841\">https://github.com/cloudflare/agents/pull/841</a></li></ul><ul><li>Agents-sdk users should upgrade to `<code>[email protected]`</code></li><li>Developers using `configureOAuthCallback` with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.</li></ul>", "base64": false}]}], "references": [{"url": "https://github.com/cloudflare/agents/pull/841"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.\n\n\n\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.\n\n\nImpact\n\nAn attacker could craft a malicious link that, when clicked by a victim, would:\n\n * Steal user chat message history - Access all LLM interactions stored in the user's session.\n\n\n * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf\n\n\n\n\n\nMitigation:\n\n * PR:\u00a0 https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to\[email protected]\n\n\n\n\n * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.", "supportingMedia": [{"type": "text/html", "value": "SummaryA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session. Root causeThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag. ImpactAn attacker could craft a malicious link that, when clicked by a victim, would:<ol><li>Steal user chat message history - Access all LLM interactions stored in the user's session.</li><li>Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf</li></ol><div> Mitigation:<ul><li>PR: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/agents/pull/841\">https://github.com/cloudflare/agents/pull/841</a></li></ul><ul><li>Agents-sdk users should upgrade to [email protected]</li></ul><ul><li>Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.</li></ul></div> ", "base64": false}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2026-02-13T01:48:24.571Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1721", "state": "PUBLISHED", "dateUpdated": "2026-02-13T13:14:26.837Z", "dateReserved": "2026-01-30T20:12:22.668Z", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "datePublished": "2026-02-13T01:46:48.674Z", "assignerShortName": "cloudflare"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.\n\n\n\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag.\n\n\nImpact\n\nAn attacker could craft a malicious link that, when clicked by a victim, would:\n\n * Steal user chat message history - Access all LLM interactions stored in the user's session.\n\n\n * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf\n\n\n\n\n\nMitigation:\n\n * PR:\u00a0 https://github.com/cloudflare/agents/pull/841 https://github.com/cloudflare/agents/pull/841 \n\n\n\n\n * Agents-sdk users should upgrade to\[email protected]\n\n\n\n\n * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation."}], "id": "CVE-2026-1721", "lastModified": "2026-02-13T14:23:48.007", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-02-13T03:15:52.467", "references": [{"source": "[email protected]", "url": "https://github.com/cloudflare/agents/pull/841"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object