CVE-2026-42073: OpenClaude OAuth State Validation Bypass Denial of Service
OpenClaude, an open-source command-line tool for interacting with cloud and local AI models, has a flaw in how it handles user login. When you authenticate using OAuth, the software runs a temporary web server locally to catch the login response. To prevent attackers from hijacking this process, the server checks a security token called a 'state parameter.' However, due to a bug in how the code checks this token, an attacker can bypass the security check entirely and crash the server without even knowing what the token is. This has been fixed in version 0.5.1 and later.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-352, CWE-400
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-02 / 2026-06-17
NVD description (verbatim)
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down — without knowing the state value at all. This issue has been patched in version 0.5.1.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-42073 describes a logic flaw in OpenClaude's OAuth callback handler prior to version 0.5.1. The temporary HTTP server that receives OAuth responses should validate an incoming state parameter against an internally-stored reference value to mitigate CSRF attacks. A conditional logic error permits attackers to circumvent this validation entirely, allowing them to send a malformed state parameter that causes the server to terminate abnormally. The vulnerability does not require authentication or knowledge of the legitimate state value. The affected CWEs are CWE-352 (Cross-Site Request Forgery) and CWE-400 (Uncontrolled Resource Consumption), reflecting both the validation bypass and the denial-of-service consequence.
Business impact
An attacker exploiting this vulnerability can interrupt OAuth authentication flows for any OpenClaude user, forcing them to restart their authentication attempt. While this does not expose credentials or grant unauthorized access, it creates a denial-of-service condition that degrades user experience and may frustrate adoption of the tool in production environments. Organizations relying on OpenClaude for automated code generation or AI-assisted development may experience workflow disruptions if authentication becomes unreliable. The impact is bounded by the fact that the vulnerability requires user interaction (UI:R) to exploit effectively.
Affected systems
The gitlawb/openclaude project is affected in all versions prior to 0.5.1. This includes the command-line interface and its bundled OAuth callback handler. Any deployment of OpenClaude that uses OAuth authentication against cloud or local model providers is at risk. The vulnerability is most likely to affect developers and DevOps teams using OpenClaude for AI-assisted coding workflows, particularly in organizations integrating the tool into CI/CD pipelines or local development environments.
Exploitability
Exploitation requires network access to the user's local HTTP server (typically localhost) and user interaction to initiate the OAuth flow. An attacker must craft a malicious redirect containing a state parameter designed to trigger the logic flaw. The attack is straightforward to execute once the user is tricked into clicking a link or scanning a malicious QR code, but it is not remotely exploitable without additional attack vectors (e.g., network positioning or social engineering). The CVSS vector AV:N/AC:L/PR:N/UI:R reflects that the vulnerability is reachable over the network with low complexity, but requires user interaction. CVSS score 6.5 (MEDIUM) reflects that impact is limited to availability, not confidentiality or integrity.
Remediation
Update OpenClaude to version 0.5.1 or later. The patch corrects the conditional logic in the state parameter validation routine, ensuring that invalid state values are properly rejected before the server attempts to process the callback. Users should verify the version they are running using the CLI help command or package manager and apply the update during their next maintenance window. No configuration changes are required after patching.
Patch guidance
Download and install OpenClaude 0.5.1 from the official gitlawb/openclaude repository or via your package manager (e.g., pip, npm, or GitHub releases). Verify the integrity of the downloaded binary or package using published checksums if available. Test the patched version in a non-production environment to confirm that OAuth authentication flows complete successfully. Roll out the patch to all systems running OpenClaude, prioritizing development machines and shared CI/CD runners. There are no known breaking changes in version 0.5.1; upgrading should be safe for most deployments.
Detection guidance
Monitor OpenClaude logs for repeated HTTP 400 or 500 errors during OAuth callback handling, which may indicate exploit attempts. Look for error messages related to 'invalid state parameter' or server shutdown events that correlate with unusual network traffic from external sources to the callback handler port. Developers can add debugging output to the OpenClaude configuration to log all incoming state values and their validation results. In a monitoring context, alerting on rapid successive authentication failures or unexpected termination of the OpenClaude callback server may indicate active exploitation attempts, though false positives are possible during legitimate troubleshooting.
Why prioritize this
While this vulnerability has a MEDIUM CVSS score, it should be prioritized for patching because it affects the authentication trust boundary of a development tool used in code generation workflows. Although it does not grant unauthorized access, an attacker can disrupt critical DevOps pipelines that depend on OpenClaude. The simplicity of exploitation (AC:L, PR:N) and the likelihood of user interaction in a development environment make this a practical attack surface. Organizations where OpenClaude is embedded in build processes or local development should prioritize version 0.5.1 within 30 days; casual users can absorb it into standard update cycles.
Risk score, explained
The CVSS 3.1 score of 6.5 (MEDIUM severity) is driven by high availability impact (A:H) in a scenario where the attacker can force repeated service interruptions, balanced against the requirement for user interaction (UI:R) and network access to a local service (AV:N but typically scoped to localhost). The vulnerability does not affect confidentiality (C:N) or integrity (I:N), so it does not result in a HIGH score. The presence of this flaw in the authentication boundary, combined with the low barrier to exploitation, justifies a MEDIUM rather than LOW classification despite the limited scope of impact.
Frequently asked questions
Can an attacker steal my OAuth tokens or credentials using this vulnerability?
No. This vulnerability allows an attacker to crash the OAuth callback server and disrupt authentication, but it does not bypass token validation, intercept credentials, or grant unauthorized access. The attacker cannot retrieve your tokens or impersonate you once authenticated.
Is OpenClaude safe to use before upgrading to 0.5.1?
OpenClaude is safe to use prior to 0.5.1 as long as you avoid clicking links from untrusted sources that attempt to trigger the OAuth flow. The vulnerability requires active exploitation and user interaction. If you do not use OAuth authentication (e.g., you provide API keys directly), this vulnerability does not affect you.
Does this vulnerability affect OpenClaude when running in offline mode?
No. The vulnerability is specific to the OAuth callback handler, which only runs during cloud authentication. If you use OpenClaude exclusively with local models or pre-configured API keys without OAuth, you are not affected.
What should I do if I notice my OpenClaude authentication failing repeatedly?
First, verify you are running the latest version (0.5.1 or later). If you are still experiencing failures, clear your browser cache and cookies, and try re-authenticating. Check the OpenClaude logs for detailed error messages. If you suspect exploitation, review network access to your local callback port and consider firewalling it to trusted IPs only. File an issue on the gitlawb/openclaude repository if the problem persists after upgrading.
This analysis is provided for informational purposes and is based on vendor-published CVE data and patch information as of the modification date. SEC.co does not conduct independent verification of vendor patches or claims. Organizations should consult official OpenClaude release notes and security advisories before deploying patches. The availability impact described assumes successful exploitation; actual risk depends on network topology, user behavior, and authentication configuration. No exploit code, proof-of-concept, or technical implementation details beyond those in the official CVE description are provided or endorsed by SEC.co. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-35266HIGHOracle REST Data Services Authentication & Data Integrity Vulnerability
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25435MEDIUMZeusCart 4.0 CSRF Vulnerability – Account Deactivation Risk
- CVE-2019-25721MEDIUMDräger Infinity M300 Denial-of-Service Vulnerability – Network-Induced Device Reboots
- CVE-2019-25724MEDIUMDräger Infinity M300 Denial-of-Service Vulnerability Impact on Patient Monitoring
- CVE-2025-48648MEDIUMAndroid NotificationManagerService Resource Exhaustion DoS
- CVE-2026-0042MEDIUMAndroid UBSan Resource Exhaustion Denial of Service