CNNVD-202602-2314 Information
Feb 13, 2026
cve
CNNVD ID
CNNVD-202602-2314
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
Cloudflare Agents是Cloudflare开源的一个在Cloudflare上构建和部署AI代理的工具。 Cloudflare Agents存在安全漏洞,该漏洞源于AI Playground的OAuth回调处理程序未对error_description查询参数进行适当转义,可能导致反射型跨站脚本攻击,从而窃取用户聊天记录或访问连接的MCP服务器。
Description (English)
Cloudflare Ages is an open-source tool for building and deploying AI agents on Cloudflare. There is a security loophole in Cloudflare Agens, which stems from the failure of the OAuth Reaction Processing Program at AI Playground to properly transpose error description query parameters, which may result in a cross-script attack, thus stealing user chat records or accessing connected MCP servers.
Vulnerability Type
其他
Affected Vendor
Cloudflare
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/cloudflare/agents/pull/841
Patch
https://developers.cloudflare.com/agents/
Share on: