OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS
- Severity: Medium
Description
Recommendation
Update the @gitlawb/openclaude package to the latest compatible version. Version details:
- Affected version(s): < 0.5.1
- Patched version(s): 0.5.1
References
Related Issues
- OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal - CVE-2026-35570
- Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution - CVE-2026-30939
- StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check - CVE-2026-32101
- Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching - CVE-2026-46341
- Tags: npm, @gitlawb/openclaude
Last updated on May 12, 2026


