CVE•Published 2026-06-02•Modified 2026-06-03•0 articles on news•6 live references•NVD data

CVE-2026-42073Gitlawb · Openclaude

Vulnerability data via NVD (ingested)

CVSS v3.1

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS percentile

—

Weaknesses (CWE)

CWE-352Cross-Site Request Forgery (CSRF)CWE-400Uncontrolled Resource Consumption

Description

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internally stored value. However, due to a logic flaw in the order of conditionals, an attacker can completely bypass this check and force the server to shut down — without knowing the state value at all. This issue has been patched in version 0.5.1.

Timeline

Published 2026-06-02

Modified 2026-06-03

External references

NVD MITRE Exploit-DB GitHub PoC Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-42073

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Gitlawb Openclaude"

All exposed Gitlawb Openclaude instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Openclaude"

HTTP body or banner mentions "Openclaude" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2026-42073