CVE-2026-22812
published 2026-01-12


Priority: P2 77 · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit: EPSS 16.96% (96.7th percentile)
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Affected

2 ranges

Vendor      Product    Version range    Fixed in
anoma       opencode   < 1.0.216        1.0.216
anomalyco   opencode   < 1.0.216        1.0.216

Detection & IOCs (extracted from sources)

url: POST /session HTTP/1.1
url: POST /session/{session_id}/shell HTTP/1.1
path: /session
path: /session/{id}/shell
command: {"agent":"build","command":"id"}
nuclei template
id: CVE-2026-22812
info:
  name: OpenCode < 1.0.216 - Unauthenticated Remote Code Execution
  severity: high
http:
  - raw:
      - POST /session HTTP/1.1
      - POST /session/{session_id}/shell HTTP/1.1
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
          - 201
          - 202
      - type: regex
        regex:
          - 'uid=\d+\([^)]+\) gid=\d+\([^)]+\)'
yara
rule CVE_2026_22812_OpenCode_RCE
{
    strings:
        $s1 = "/session"
        $s2 = "/shell"
        $s3 = "uid="
    condition:
        $s1 and $s2 and $s3
}
  • Detect unauthenticated POST requests to /session endpoint returning JSON with an 'id' field — this is the first stage of the exploit chain to create a session without authentication.
  • Detect POST requests to /session/{id}/shell with JSON body containing 'agent' and 'command' fields — this is the second stage shell execution step.
  • Alert on HTTP responses containing uid/gid output pattern matching 'uid=\d+\([^)]+\) gid=\d+\([^)]+\)' from the OpenCode server, indicating successful RCE.
  • Use Shodan query 'http.html:"opencode"' to identify exposed OpenCode instances for proactive scanning.
  • The vulnerability is exploitable from any website via permissive CORS — monitor for cross-origin POST requests to local OpenCode HTTP server endpoints.
  • The exploit requires two sequential HTTP requests: first POST /session to obtain a session ID, then POST /session/{id}/shell to execute commands. Detection logic must correlate both requests.
  • The vulnerability affects OpenCode versions prior to 1.0.216 only. Instances running 1.0.216 or later are not affected.
  • The HTTP server is unauthenticated (CWE-306 - Missing Authentication for Critical Function), meaning no credentials or tokens are required to trigger the vulnerability.
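A defender-side correlation of the two-stage chain the bullets above describe, plus the cross-origin POST check, as an added example that is not code from the advisory or from OpenCode; the log record fields (ts, src, method, path, status, origin) are an assumption about what a reverse proxy or local request logger would emit.

```python
"""Correlate the two-stage chain (POST /session, then POST /session/{id}/shell)
and flag cross-origin POSTs to those endpoints. Added example, not code from
the advisory or OpenCode. Record fields (ts, src, method, path, status,
origin) are assumed, modelled on a reverse proxy / local request log."""
import re
from datetime import datetime, timedelta

SHELL_PATH = re.compile(r"^/session/([^/]+)/shell$")
WINDOW = timedelta(seconds=60)  # assumed max gap between stage 1 and stage 2

def correlate(records, window=WINDOW):
    """Single pass over time-ordered records; tracks per-client stage-1 state."""
    last_session_create = {}  # src -> time of last successful POST /session
    alerts = []
    for r in records:
        if r["method"] != "POST" or not 200 <= r["status"] < 300:
            continue
        ts = datetime.fromisoformat(r["ts"])
        if r.get("origin"):  # browser-originated call via permissive CORS
            alerts.append({"type": "cross_origin_post", "src": r["src"],
                           "path": r["path"], "origin": r["origin"]})
        if r["path"] == "/session":  # stage 1: session created without auth
            last_session_create[r["src"]] = ts
            continue
        m = SHELL_PATH.match(r["path"])
        if not m:
            continue
        created = last_session_create.get(r["src"])
        if created is not None and ts - created <= window:
            alerts.append({"type": "session_shell_chain", "src": r["src"],
                           "session": m.group(1),
                           "gap_s": (ts - created).total_seconds()})
        else:  # stage 2 seen alone: lower confidence, still worth a look
            alerts.append({"type": "shell_without_recent_session",
                           "src": r["src"], "session": m.group(1)})
    return alerts

def rec(ts, method, path, status=200, origin=None, src="127.0.0.1"):
    return dict(ts=ts, src=src, method=method, path=path, status=status, origin=origin)

# Constructed sample: records 2 and 3 form the chain, driven from a web page
SAMPLE_LOG = [
    rec("2026-01-12T10:00:00", "GET", "/session"),
    rec("2026-01-12T10:00:05", "POST", "/session", origin="http://evil.example"),
    rec("2026-01-12T10:00:06", "POST", "/session/ses_abc123/shell",
        origin="http://evil.example"),
    rec("2026-01-12T10:30:00", "POST", "/session/ses_def456/shell"),
]
```

Running `correlate(SAMPLE_LOG)` yields two cross-origin alerts, one confirmed chain for ses_abc123 (1 s gap) and one lower-confidence shell call for ses_def456 whose session creation fell outside the window.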