CVE-2026-42073
MEDIUMOpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoS
Title source: cnaDescription
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down — without knowing the state value at all. This issue has been patched in version 0.5.1.
References (3)
Core 3
Core References
X_Refsource_Misc x_refsource_misc
https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad
X_Refsource_Confirm x_refsource_confirm
https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r
X_Refsource_Misc x_refsource_misc
https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1
Scores
CVSS v3
6.5
EPSS
0.0020
EPSS Percentile
9.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
CWE-400
Status
published
Products (3)
gitlawb/openclaude
< 0.5.1
gitlawb/openclaude
0 - 0.5.1npm
Gitlawb/openclaude
< 0.5.1
Published
Jun 02, 2026
Tracked Since
Jun 02, 2026