NVD — Cloudflare Agents SDK OAuth callback XSS (CVE-2026-1721)

AI relevance: The bug impacts Cloudflare’s Agents SDK and AI Playground, where LLM chat sessions and connected MCP tools are exposed to client-side compromise.

• CVE-2026-1721 is a reflected XSS flaw in the Cloudflare Agents AI Playground OAuth callback handler.
• The vulnerable flow interpolated error_description directly into an inline <script> tag without escaping.
• Impact per NVD: an attacker could craft a malicious link that executes JavaScript in the victim’s session.
• The XSS can expose LLM chat history stored in the session to the attacker.
• Attackers can also access connected MCP servers tied to the victim session and perform actions on their behalf.
• Cloudflare’s fix escapes OAuth error parameters and adjusts client error handling behavior.
• Mitigation guidance is to upgrade to agents-sdk 0.3.10 and sanitize any custom OAuth error handling.

Why it matters

• OAuth callback flows are a common integration point for AI tools; a single XSS can spill sensitive LLM conversation data.
• Because the SDK connects to MCP servers, client compromise can become tool compromise across a user’s AI workflow.
• This highlights how web-layer bugs (XSS) can directly translate into agent and tool-chain risk.

What to do

• Upgrade to agents-sdk 0.3.10 or later immediately.
• Review OAuth callback handlers to ensure all user-controlled input is properly escaped before HTML/JS interpolation.
• Audit any custom MCP client error handlers that surface OAuth errors to users.

Sources

• NVD — CVE-2026-1721
• Cloudflare — fix: escape OAuth error params (PR #841)