This looks like the 3.0.12 fix didn’t fully resolve the token exchange issue for your OAuth server configuration. The fix addressed a specific regression, but the error pattern you’re showing (token exchange POST hitting / and returning a 404 with empty body) suggests endpoint resolution is still wrong for your setup.
I’ve flagged this with our extensibility team with your logs and details.
While the team works on a fix, you can try wrapping your MCP server with mcp-remote as a workaround:
{
"your-server": {
"command": "npx",
"args": ["-y", "mcp-remote", "
"]
}
}
This handles the OAuth flow externally and bypasses Cursor’s token exchange logic.
One question that would help the team: is your OAuth authorization server on a different domain from your MCP server URL? That setup is where the endpoint resolution has been failing most consistently.