QSearchQSearch

CVE-2026-42073

6.5 MEDIUM

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers

Published: 2026-06-02 · Last updated: 2026-06-03

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE
CWE-352, CWE-400

Affected products

VendorProduct
gitlawbopenclaude

Description

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down — without knowing the state value at all. This issue has been patched in version 0.5.1.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-42074 OpenClaude is an open-source coding-agent command line interface for cloud and local model providers (9.8 CRITICAL)

Same CWE

  • CVE-2026-47734 Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
  • CVE-2026-53739 Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which ... (4.3 MEDIUM)
  • CVE-2026-53736 Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonc... (4.3 MEDIUM)
  • CVE-2026-46689 Kanidm is an identity management platform
  • CVE-2026-46679 libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)