Cloudflare Workers OAuth Provider Redirect URI Validation Vulnerability in Workers MCP Framework

Vulnerability

A vulnerability exists in the OAuth implementation of Cloudflare Workers OAuth Provider, part of the Workers MCP framework. The authorization flow did not correctly verify that the redirect_uri supplied in a request was on the list of redirect URIs registered for the corresponding client. Because the authorization server then sent the browser, and the credentials it carried, to whatever URI the request named, an attacker who could get a victim who had previously authorized with the OAuth server to open a crafted authorization link could receive that victim's credentials at an attacker-controlled URI and impersonate them.
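The following is an added example, not code from Cloudflare Workers OAuth Provider or the Workers MCP framework. It sketches a minimal OAuth 2.0 authorization endpoint in two variants: one with the missing check described above (the redirect_uri from the request is trusted once the client exists) and one that resolves redirect_uri against the client's registration by exact string comparison, as RFC 6749 section 3.1.2.3 requires. The client registry, client_id, URLs and request are constructed for illustration; the code generator is a deterministic stand-in for a CSPRNG.

```javascript
// Added example, not project code. Constructed registration store:
// client_id -> redirect URIs registered at dynamic client registration time.
const CLIENT_REGISTRY = new Map([
  ["client-abc", { redirectUris: ["https://app.example.com/callback"] }],
]);

// Stand-in for a CSPRNG-generated authorization code; deterministic so the
// example is reproducible. A real server uses crypto.randomBytes or similar.
let codeCounter = 0;
function issueCode() {
  codeCounter += 1;
  return `code-${codeCounter}`;
}

// Builds the URL the user-agent is sent to after the resource owner consents.
function buildRedirect(redirectUri, code, state) {
  const url = new URL(redirectUri);
  url.searchParams.set("code", code);
  if (state !== undefined) url.searchParams.set("state", state);
  return url.toString();
}

// VULNERABLE (illustrative): the client is looked up, but redirect_uri from
// the request is never compared with the registration. A victim who opens a
// crafted authorize link has their code delivered to the attacker's host.
function authorizeVulnerable(params) {
  const client = CLIENT_REGISTRY.get(params.client_id);
  if (!client) return { error: "invalid_client", redirectTo: null };
  return { error: null, redirectTo: buildRedirect(params.redirect_uri, issueCode(), params.state) };
}

// Exact-string membership test against the registration. Deliberately not a
// prefix, host or origin comparison: those accept look-alike hosts such as
// "https://app.example.com.attacker.example/callback".
function isRegisteredRedirect(client, uri) {
  return client.redirectUris.includes(uri);
}

// FIXED (illustrative): resolve redirect_uri against the registration before
// doing anything else. On a mismatch, report the error to the resource owner
// and do NOT redirect to the supplied URI (RFC 6749 section 4.1.2.1).
function authorizeStrict(params) {
  const client = CLIENT_REGISTRY.get(params.client_id);
  if (!client) return { error: "invalid_client", redirectTo: null };

  let redirectUri = params.redirect_uri;
  if (redirectUri === undefined) {
    // Omitting redirect_uri is only acceptable when exactly one is registered.
    if (client.redirectUris.length !== 1) return { error: "invalid_request", redirectTo: null };
    redirectUri = client.redirectUris[0];
  } else if (!isRegisteredRedirect(client, redirectUri)) {
    return { error: "invalid_request", redirectTo: null };
  }
  return { error: null, redirectTo: buildRedirect(redirectUri, issueCode(), params.state) };
}

// Constructed attacker-crafted authorize request: a real client_id paired
// with a redirect_uri the client never registered.
const ATTACK_REQUEST = {
  client_id: "client-abc",
  redirect_uri: "https://app.example.com.attacker.example/callback",
  state: "xyz",
};

// Host that would receive the victim's authorization code under a handler,
// or null when the server refuses to redirect at all.
function codeRecipientHost(handler, params) {
  const result = handler(params);
  return result.redirectTo ? new URL(result.redirectTo).host : null;
}

console.log("vulnerable handler sends the code to:", codeRecipientHost(authorizeVulnerable, ATTACK_REQUEST));
console.log("strict handler sends the code to:", codeRecipientHost(authorizeStrict, ATTACK_REQUEST));
```

The refusal path matters as much as the comparison: an authorization server that detects a mismatched redirect_uri but still redirects there (for example to deliver an error) has turned the vulnerability into an open redirect, so the strict handler returns no redirect target at all on failure.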

Impact

Successful exploitation gives the attacker the victim's credentials for the affected OAuth server, letting the attacker act as the victim toward that server. The victim needs only to have previously authorized with the server and to open a crafted authorization link.

Remediation

Update to the latest version of Cloudflare Workers OAuth Provider, in which this vulnerability has been addressed. Deployments that vendor or pin the provider should confirm the updated version is actually the one being shipped.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          5.0
exploitability  7.0
remediation     0.0
relevance       0.0
threat          3.2
urgency         5.7
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.