CVE-2025-4144
CVE-2025-4144 affects Cloudflare’s MCP-based workers-oauth-provider. A flaw in the PKCE implementation allows an attacker to bypass PKCE verification, which removes the protection PKCE is meant to provide. Descriptions across sources (Veracode, Red Hat, GHSA advisories, OSV) state that the OAuth check can be ski...
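For defenders reviewing their own token endpoints, here is a fail-closed PKCE check per RFC 7636. It is an example added here, not code from workers-oauth-provider, and it does not reproduce the flaw. The names `checkPkce`, `requirePkce` and the `grant` record shape are hypothetical; the sample values are the RFC 7636 Appendix B test vector.

```javascript
// Added example: fail-closed PKCE verification (RFC 7636) at the token endpoint.
const { createHash, timingSafeEqual } = require("node:crypto");

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9._~-]{43,128}$/;

const fail = (error) => ({ ok: false, error });

function s256(verifier) {
  // BASE64URL(SHA256(ASCII(code_verifier))), without padding.
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// grant: hypothetical record stored when the authorization code was issued.
// verifier: code_verifier from the token request, undefined when absent.
function checkPkce(grant, verifier, { requirePkce = true } = {}) {
  if (!grant.codeChallenge) {
    // A verifier with no registered challenge indicates a downgrade; reject it.
    if (verifier !== undefined) return fail("unexpected code_verifier");
    return requirePkce ? fail("PKCE required") : { ok: true };
  }
  // A challenge was registered, so a missing verifier is a failure.
  if (typeof verifier !== "string" || !VERIFIER_RE.test(verifier)) {
    return fail("missing or malformed code_verifier");
  }
  const method = grant.codeChallengeMethod ?? "plain"; // RFC 7636 default
  let expected;
  if (method === "S256") expected = s256(verifier);
  else if (method === "plain") expected = verifier;
  else return fail("unsupported code_challenge_method");
  return safeEqual(expected, grant.codeChallenge)
    ? { ok: true }
    : fail("code_verifier mismatch");
}

// Test vector from RFC 7636 Appendix B.
const VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
const CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
const grant = { codeChallenge: CHALLENGE, codeChallengeMethod: "S256" };

console.log(checkPkce(grant, VERIFIER));  // matching verifier
console.log(checkPkce(grant, undefined)); // verifier omitted
console.log(checkPkce({}, VERIFIER));     // no challenge registered
```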