-
OpenCode: Reflected XSS in OAuth Callback Leading to Remote Code Execution
A malicious MCP server can achieve arbitrary command execution on the victim's machine through a reflected XSS in OpenCode's OAuth callback handler.
A malicious MCP server can achieve arbitrary command execution on the victim's machine through a reflected XSS in OpenCode's OAuth callback handler.