diff --git a/package.json b/package.json
index 36ac28be82..a5ea70f0ad 100644
--- a/package.json
+++ b/package.json
@@ -223,6 +223,7 @@
     "rollup-plugin-visualizer": "^5.12.0",
     "sass": "^1.88.0",
     "shiki": "^3.7.0",
+    "strict-url-sanitise": "^0.0.1",
     "string-width": "^7.2.0",
     "styled-components": "^6.1.11",
     "tar": "^7.4.3",
diff --git a/src/main/services/mcp/oauth/provider.ts b/src/main/services/mcp/oauth/provider.ts
index 037ba70b75..769c5085c3 100644
--- a/src/main/services/mcp/oauth/provider.ts
+++ b/src/main/services/mcp/oauth/provider.ts
@@ -4,6 +4,7 @@ import { loggerService } from '@logger'
 import { getConfigDir } from '@main/utils/file'
 import { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth'
 import { OAuthClientInformation, OAuthClientInformationFull, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth'
+import { sanitizeUrl } from 'strict-url-sanitise'
 import open from 'open'
 
 import { JsonFileStorage } from './storage'
diff --git a/yarn.lock b/yarn.lock
index 45cb7e9aaa..052b0aa5b7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7003,6 +7003,7 @@ __metadata:
     sass: "npm:^1.88.0"
     selection-hook: "npm:^1.0.7"
     shiki: "npm:^3.7.0"
+    strict-url-sanitise: "npm:^0.0.1"
     string-width: "npm:^7.2.0"
     styled-components: "npm:^6.1.11"
     tar: "npm:^7.4.3"
@@ -18510,6 +18511,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"strict-url-sanitise@npm:^0.0.1":
+  version: 0.0.1
+  resolution: "strict-url-sanitise@npm:0.0.1"
+  checksum: 10c0/9a93aff625f7bb369a299e295b10a73116f9a7fd94e3382bd0b85f6b6d4086d8285b4baf4bfed5dfa951573522e81f8cc937f8ffac4ee21385ca8316217a83c7
+  languageName: node
+  linkType: hard
+
 "string-argv@npm:^0.3.2":
   version: 0.3.2
   resolution: "string-argv@npm:0.3.2"