{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-42073", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-23T19:17:30.565Z", "datePublished": "2026-06-02T15:38:53.435Z", "dateUpdated": "2026-06-02T17:40:55.678Z"}, "containers": {"cna": {"title": "OpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoS", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"}, {"name": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad", "tags": ["x_refsource_MISC"], "url": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad"}, {"name": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1"}], "affected": [{"vendor": "Gitlawb", "product": "openclaude", "versions": [{"version": "< 0.5.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-02T15:38:53.435Z"}, "descriptions": [{"lang": "en", "value": "OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the state value at all. This issue has been patched in version 0.5.1."}], "source": {"advisory": "GHSA-c73c-x77g-854r", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-02T17:37:51.060222Z", "id": "CVE-2026-42073", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T17:40:55.678Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-42073", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-02T17:37:51.060222Z"}}}], "references": [{"url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T17:37:38.903Z"}}], "cna": {"title": "OpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoS", "source": {"advisory": "GHSA-c73c-x77g-854r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Gitlawb", "product": "openclaude", "versions": [{"status": "affected", "version": "< 0.5.1"}]}], "references": [{"url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r", "name": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad", "name": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1", "name": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the state value at all. This issue has been patched in version 0.5.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-02T15:38:53.435Z"}}}, "cveMetadata": {"cveId": "CVE-2026-42073", "state": "PUBLISHED", "dateUpdated": "2026-06-02T17:40:55.678Z", "dateReserved": "2026-04-23T19:17:30.565Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-02T15:38:53.435Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlawb:openclaude:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2107920-62CC-4630-84F0-724AB1B17015", "versionEndExcluding": "0.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down \u2014 without knowing the state value at all. This issue has been patched in version 0.5.1."}], "id": "CVE-2026-42073", "lastModified": "2026-06-03T16:54:29.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-06-02T17:16:31.910", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Gitlawb/openclaude/commit/739b8d1f40fde0e401a5cbd2b9a55d88bd5124ad"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/Gitlawb/openclaude/releases/tag/v0.5.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-c73c-x77g-854r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.5.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openclaude", "source": "cna", "vendor": "Gitlawb"}, "product": "openclaude", "vendor": "gitlawb"}], "created": "2026-06-02T18:30:14.760909+00:00", "updated": "2026-06-02T18:30:15.032430+00:00", "vendors": ["gitlawb", "gitlawb$PRODUCT$openclaude"]}