VYPR

Agents

by Cloudflare

npm: agents

Source repositories

CVEs (2)

  • CVE-2026-1664MedFeb 3, 2026
    risk 0.45cvss epss 0.00

    Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without…

  • CVE-2026-1721MedFeb 13, 2026
    risk 0.33cvss epss 0.00

    Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary…