CVE-2026-42073 (GCVE-0-2026-42073)

Vulnerability from cvelistv5 – Published: 2026-06-02 15:38 – Updated: 2026-06-02 17:40

Title

OpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

Summary

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down — without knowing the state value at all. This issue has been patched in version 0.5.1.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)
CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/Gitlawb/openclaude/security/ad…	x_refsource_CONFIRM
https://github.com/Gitlawb/openclaude/commit/739b…	x_refsource_MISC
https://github.com/Gitlawb/openclaude/releases/ta…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Gitlawb	openclaude	Affected: < 0.5.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42073",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T17:37:51.060222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T17:40:55.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openclaude",
          "vendor": "Gitlawb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.5.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the state value at all. This issue has been patched in version 0.5.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T15:38:53.435Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"
        },
        {
          "name": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad"
        },
        {
          "name": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1"
        }
      ],
      "source": {
        "advisory": "GHSA-c73c-x77g-854r",
        "discovery": "UNKNOWN"
      },
      "title": "OpenClaude\u0027s MCP OAuth Callback: State Check Bypass via error Param Leads to DoS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42073",
    "datePublished": "2026-06-02T15:38:53.435Z",
    "dateReserved": "2026-04-23T19:17:30.565Z",
    "dateUpdated": "2026-06-02T17:40:55.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42073\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-02T17:16:31.910\",\"lastModified\":\"2026-06-02T20:16:36.267\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the state value at all. This issue has been patched in version 0.5.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"},{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42073\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-02T17:37:51.060222Z\"}}}], \"references\": [{\"url\": \"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-02T17:37:38.903Z\"}}], \"cna\": {\"title\": \"OpenClaude\u0027s MCP OAuth Callback: State Check Bypass via error Param Leads to DoS\", \"source\": {\"advisory\": \"GHSA-c73c-x77g-854r\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Gitlawb\", \"product\": \"openclaude\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.5.1\"}]}], \"references\": [{\"url\": \"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r\", \"name\": \"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad\", \"name\": \"https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1\", \"name\": \"https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \\u2014 without knowing the state value at all. This issue has been patched in version 0.5.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-02T15:38:53.435Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-42073\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-02T17:40:55.678Z\", \"dateReserved\": \"2026-04-23T19:17:30.565Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-02T15:38:53.435Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-42073

Vulnerability from fkie_nvd - Published: 2026-06-02 17:16 - Updated: 2026-06-02 20:16

Severity

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad
	security-advisories@github.com	https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1
	security-advisories@github.com	https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the state value at all. This issue has been patched in version 0.5.1."
    }
  ],
  "id": "CVE-2026-42073",
  "lastModified": "2026-06-02T20:16:36.267",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-06-02T17:16:31.910",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        },
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-C73C-X77G-854R

Vulnerability from github – Published: 2026-05-12 15:34 – Updated: 2026-05-12 15:34

Summary

OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

Details

OAuth State Validation Bypass via `error` Parameter Causes Local Server DoS in MCP Auth Callback

Description

The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down — without knowing the state value at all.

The vulnerable code looks like this:

if (!error && state !== oauthState) {
    rejectOnce(new Error('OAuth state mismatch - possible CSRF attack'))
    return
}

if (error) {
    cleanup()
    rejectOnce(new Error(errorMessage))
    return
}

When a request arrives with an error query parameter (e.g., ?error=anything), the first condition becomes false because !error evaluates to false. This means the CSRF check is never reached. Execution falls through to the second block, where cleanup() is called — shutting down the local server and terminating the user's active authentication session.

The attacker does not need to know the state value. Any request containing an error parameter is enough to trigger the shutdown.

Impact

The user's OAuth flow is silently terminated mid-session
The local callback server is shut down (Denial of Service)
Can be triggered remotely via a malicious web page using a cross-origin request (CSRF)
No authentication or prior knowledge of the state value is required

Steps to Reproduce

Save the following as poc.js and run with Node.js:

import { createServer } from 'http';
import { parse } from 'url';

const expectedState = "secure_state_abc123";

const server = createServer((req, res) => {
    const parsedUrl = parse(req.url || '', true);
    const { pathname, query } = parsedUrl;
    const { state, error } = query;

    if (pathname === '/callback') {

        // Vulnerable: error param causes state check to be skipped entirely
        if (!error && state !== expectedState) {
            res.writeHead(400);
            res.end('State mismatch');
            console.log('[-] CSRF attempt blocked.');
            return;
        }

        if (error) {
            res.writeHead(200);
            res.end(`Error: ${error}`);
            console.log(`[!] Server shutting down. Triggered by: ${error}`);
            server.close();
            return;
        }
    }
});

server.listen(12345, '127.0.0.1', () => {
    console.log('Listening on http://127.0.0.1:12345');
});

Terminal 1 — start the server:

node poc.js

Terminal 2 — trigger the bypass:

curl "http://127.0.0.1:12345/callback?error=triggered"

Expected result: Server shuts down immediately. The state value was never checked.

Root Cause

The CSRF protection is conditioned on !error, meaning it is silently disabled whenever an error parameter is present. The two checks need to be decoupled — state validation must happen first, independently of any other parameters.

Fix

Move the state check before the error check, and remove the dependency on !error:

// Fixed
if (state !== oauthState) {
    cleanup()
    rejectOnce(new Error('OAuth state mismatch - possible CSRF attack'))
    return
}

if (error) {
    cleanup()
    rejectOnce(new Error(errorMessage))
    return
}

With this change, any request — whether it contains an error parameter or not — must first pass the state validation before any further processing occurs.

Credit: Xanlar Agamalizade

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@gitlawb/openclaude"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-12T15:34:30Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "# OAuth State Validation Bypass via `error` Parameter Causes Local Server DoS in MCP Auth Callback\n---\n\n## Description\n\nThe OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a `state` parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the `state` value at all.\n\nThe vulnerable code looks like this:\n\n```typescript\nif (!error \u0026\u0026 state !== oauthState) {\n    rejectOnce(new Error(\u0027OAuth state mismatch - possible CSRF attack\u0027))\n    return\n}\n\nif (error) {\n    cleanup()\n    rejectOnce(new Error(errorMessage))\n    return\n}\n```\n\nWhen a request arrives with an `error` query parameter (e.g., `?error=anything`), the first condition becomes `false` because `!error` evaluates to `false`. This means the CSRF check is **never reached**. Execution falls through to the second block, where `cleanup()` is called \u2014 shutting down the local server and terminating the user\u0027s active authentication session.\n\nThe attacker does not need to know the `state` value. Any request containing an `error` parameter is enough to trigger the shutdown.\n\n---\n\n## Impact\n\n- The user\u0027s OAuth flow is silently terminated mid-session\n- The local callback server is shut down (Denial of Service)\n- Can be triggered remotely via a malicious web page using a cross-origin request (CSRF)\n- No authentication or prior knowledge of the `state` value is required\n\n---\n\n## Steps to Reproduce\n\nSave the following as `poc.js` and run with Node.js:\n\n```javascript\nimport { createServer } from \u0027http\u0027;\nimport { parse } from \u0027url\u0027;\n\nconst expectedState = \"secure_state_abc123\";\n\nconst server = createServer((req, res) =\u003e {\n    const parsedUrl = parse(req.url || \u0027\u0027, true);\n    const { pathname, query } = parsedUrl;\n    const { state, error } = query;\n\n    if (pathname === \u0027/callback\u0027) {\n\n        // Vulnerable: error param causes state check to be skipped entirely\n        if (!error \u0026\u0026 state !== expectedState) {\n            res.writeHead(400);\n            res.end(\u0027State mismatch\u0027);\n            console.log(\u0027[-] CSRF attempt blocked.\u0027);\n            return;\n        }\n\n        if (error) {\n            res.writeHead(200);\n            res.end(`Error: ${error}`);\n            console.log(`[!] Server shutting down. Triggered by: ${error}`);\n            server.close();\n            return;\n        }\n    }\n});\n\nserver.listen(12345, \u0027127.0.0.1\u0027, () =\u003e {\n    console.log(\u0027Listening on http://127.0.0.1:12345\u0027);\n});\n```\n\n**Terminal 1 \u2014 start the server:**\n```bash\nnode poc.js\n```\n\n**Terminal 2 \u2014 trigger the bypass:**\n```bash\ncurl \"http://127.0.0.1:12345/callback?error=triggered\"\n```\n\n**Expected result:** Server shuts down immediately. The `state` value was never checked.\n\n---\n\n## Root Cause\n\nThe CSRF protection is conditioned on `!error`, meaning it is silently disabled whenever an `error` parameter is present. The two checks need to be decoupled \u2014 state validation must happen first, independently of any other parameters.\n\n---\n\n## Fix\n\nMove the `state` check before the `error` check, and remove the dependency on `!error`:\n\n```typescript\n// Fixed\nif (state !== oauthState) {\n    cleanup()\n    rejectOnce(new Error(\u0027OAuth state mismatch - possible CSRF attack\u0027))\n    return\n}\n\nif (error) {\n    cleanup()\n    rejectOnce(new Error(errorMessage))\n    return\n}\n```\n\nWith this change, any request \u2014 whether it contains an `error` parameter or not \u2014 must first pass the state validation before any further processing occurs.\n\n---\n\nCredit: Xanlar Agamalizade",
  "id": "GHSA-c73c-x77g-854r",
  "modified": "2026-05-12T15:34:30Z",
  "published": "2026-05-12T15:34:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Gitlawb/openclaude"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42073 (GCVE-0-2026-42073)

FKIE_CVE-2026-42073

GHSA-C73C-X77G-854R

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback

Description

Impact

Steps to Reproduce

Root Cause

Fix

Tags

Sightings

Nomenclature

OAuth State Validation Bypass via `error` Parameter Causes Local Server DoS in MCP Auth Callback