CVE-2026-22812
Published 2026-01-12 · Priority P277 · Severity: high · CVSS 3.1 base score 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit likelihood: EPSS 16.96% (96.7th percentile)
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anoma | opencode | < 1.0.216 | 1.0.216 |
| anomalyco | opencode | < 1.0.216 | 1.0.216 |
Detection & IOCs (extracted from sources)
sigma:
```yaml
id: CVE-2026-22812
info:
  name: OpenCode < 1.0.216 - Unauthenticated Remote Code Execution
http:
  - raw:
      - POST /session HTTP/1.1
      - POST /session/{session_id}/shell HTTP/1.1
    matchers:
      - status_code: [200, 201, 202]
      - regex: uid=\d+\([^)]+\) gid=\d+\([^)]+\)
```
yara:
```yara
rule CVE_2026_22812_OpenCode_RCE {
    strings:
        $s1 = "/session"
        $s2 = "/shell"
        $s3 = "uid="
    condition:
        $s1 and $s2 and $s3
}
```
- Detect unauthenticated POST requests to the /session endpoint that return JSON with an `id` field; this is the first stage of the exploit chain, creating a session without authentication.
- Detect POST requests to /session/{id}/shell with a JSON body containing `agent` and `command` fields; this is the second stage, the shell execution step.
- Alert on HTTP responses from the OpenCode server whose body matches `uid=\d+\([^)]+\) gid=\d+\([^)]+\)`, indicating successful RCE.
- Use the Shodan query `http.html:"opencode"` to identify exposed OpenCode instances for proactive scanning.
- The vulnerability is exploitable from any website via permissive CORS; monitor for cross-origin POST requests to local OpenCode HTTP server endpoints.
- The exploit requires two sequential HTTP requests: first POST /session to obtain a session ID, then POST /session/{id}/shell to execute commands. Detection logic must correlate both requests.
- The vulnerability affects OpenCode versions prior to 1.0.216 only; instances running 1.0.216 or later are not affected.
- The HTTP server is unauthenticated (CWE-306, Missing Authentication for Critical Function), so no credentials or tokens are required to trigger the vulnerability.
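The two-stage correlation the detection notes call for, as an added example (not code from this page, the OpenCode project, or any of the quoted sources): it parses constructed access-log lines, flags a successful POST /session followed within a window by POST /session/<id>/shell from the same client, flags cross-origin POSTs to those endpoints, and applies the page's uid/gid pattern to a response body. The log format (an Apache-style line with the request's Origin header appended as the last quoted field), the 60-second correlation window and the trusted-origin list are assumptions; adapt them to whatever proxy or endpoint agent actually records traffic to the local server.

```python
"""Correlate the two-stage request chain from the detection notes above
(POST /session, then POST /session/<id>/shell from the same client) in HTTP
access logs, and flag cross-origin POSTs to those endpoints.

Added example; not code from the page, the OpenCode project or the quoted
sources. The log format (assumed: Apache-style line with the request's
Origin header appended as the last quoted field), the 60-second correlation
window and the trusted-origin list are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: client, timestamp, request line, status, size, Origin.
SAMPLE_LOG = """\
127.0.0.1 [12/Jan/2026:10:00:01 +0000] "GET /health HTTP/1.1" 200 15 "-"
127.0.0.1 [12/Jan/2026:10:00:05 +0000] "POST /session HTTP/1.1" 201 88 "https://evil.example"
127.0.0.1 [12/Jan/2026:10:00:06 +0000] "POST /session/ses_123/shell HTTP/1.1" 200 512 "https://evil.example"
10.0.0.7 [12/Jan/2026:10:05:00 +0000] "POST /session HTTP/1.1" 201 88 "-"
10.0.0.7 [12/Jan/2026:10:05:02 +0000] "POST /session/ses_456/shell HTTP/1.1" 200 77 "-"
192.168.1.9 [12/Jan/2026:10:10:00 +0000] "POST /session/ses_789/shell HTTP/1.1" 401 0 "-"
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \d+ "(?P<origin>[^"]*)"$'
)
SESSION_CREATE = re.compile(r"^/session/?$")
SHELL_EXEC = re.compile(r"^/session/(?P<sid>[^/]+)/shell$")
# Response-body pattern for successful `id` output, taken from the page's notes.
ID_OUTPUT = re.compile(r"uid=\d+\([^)]+\) gid=\d+\([^)]+\)")
SUCCESS = {200, 201, 202}
WINDOW = timedelta(seconds=60)                     # assumption: stage-to-stage window
TRUSTED_ORIGIN_HOSTS = {"localhost", "127.0.0.1"}  # assumption: expected local origins


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_cross_origin(origin):
    """True when a browser-supplied Origin is present and its host is not local."""
    if origin in ("", "-"):
        return False  # non-browser client, or the header was not logged
    host = re.sub(r"^https?://", "", origin).split(":")[0]
    return host not in TRUSTED_ORIGIN_HOSTS


def looks_like_id_output(body):
    """Apply the page's uid/gid regex to a response body (if bodies are captured)."""
    return ID_OUTPUT.search(body) is not None


def correlate(log_text):
    """Walk the log in order and return a list of alert dicts.

    - cross_origin_post: a POST to a session/shell endpoint carrying a non-local Origin
    - session_then_shell: successful POST /session followed, within WINDOW and from the
      same client, by a successful POST /session/<id>/shell (the full exploit chain)
    Lines are assumed to be in chronological order.
    """
    alerts = []
    pending = defaultdict(list)  # client -> timestamps of successful session creations
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "POST":
            continue
        path, client, ts = rec["path"], rec["client"], rec["ts"]
        creates = SESSION_CREATE.match(path)
        shell = SHELL_EXEC.match(path)
        if not (creates or shell):
            continue
        if is_cross_origin(rec["origin"]):
            alerts.append({"type": "cross_origin_post", "client": client,
                           "path": path, "origin": rec["origin"]})
        if rec["status"] not in SUCCESS:
            continue  # rejected or failed requests do not complete a stage
        if creates:
            pending[client].append(ts)
        else:
            recent = [t for t in pending[client] if timedelta(0) <= ts - t <= WINDOW]
            if recent:
                alerts.append({"type": "session_then_shell", "client": client,
                               "session": shell.group("sid"),
                               "seconds_after_create": (ts - recent[-1]).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this yields two cross-origin alerts for the browser-driven client and two chain alerts (one per client that completed both stages); the 401 shell request from the third client produces nothing, which is the behaviour you want once 1.0.216's authentication is in place and rejected attempts start showing up.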
OSV · 2026-01-13 · CVE-2026-22812 [HIGH]
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
*Previously reported via email to [email protected] on 2025-11-17 per the security policy in [opencode-sdk-js/SECURITY.md](https://github.com/sst/opencode-sdk-js/blob/main/SECURITY.md). No response received.*
### Summary
OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary shell commands with the user's privileges.
### Details
When OpenCode starts, it spawns an HTTP server (default port 4096+) with no authentication. Critical endpoints exposed:
- `POST /session/:id/shell` - Execute shell commands (`server.ts:1401`)
- `POST /pty` - Create interactive terminal sessions (`server.ts:267`)
- `GET /file/content?path=` - Read a
GHSA · 2026-01-13 · CVE-2026-22812 [HIGH] · CWE-306
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
(Advisory text identical to the OSV entry above.)
No detection rules found.
Nuclei · CVSS 8.8 · CVE-2026-22812 [HIGH]
OpenCode < 1.0.216 - Unauthenticated Remote Code Execution
OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying server.
Template:
```yaml
id: CVE-2026-22812
info:
  name: OpenCode < 1.0.216 - Unauthenticated Remote Code Execution
  author: princechaddha
  severity: high
  description: |
    OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the unde
```
Securelist · 2026-05-07 · CVSS 7.8 · CVE-2026-21519 [HIGH]
Exploits and vulnerabilities in Q1 2026
Author: Alexander Kolesnikov
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Windows and Linux vulnerability exploitation
- Most common published exploits
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Notable vulnerabilities
  - CVE-2026-21519: Desktop Window Manager vulnerability
  - RegPwn (CVE-2026-21533): a system settings access control vulnerability
  - CVE-2026-21514: a Microsoft Office vulnerability
  - Clawdbot (CVE-2026-25253): an OpenClaw vulnerability
  - CVE-2026-34070: LangChain framework vulnerability
  - CVE-2026-22812: an OpenCode vulnerability
- Conclusion and advice
During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Off
Wiz · CVSS 8.8 · CVE-2026-22812 [HIGH]
CVE-2026-22812 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22812: JavaScript vulnerability analysis and mitigation
Description: as in the NVD summary at the top of this page (source: NVD).
| Field | Value |
|---|---|
| Score | 8.8 |
| Published | January 12, 2026 |
| Severity | HIGH |
| CNA Score | 8.8 |
| Affected Technologies | JavaScript, Homebrew |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 87.7 |
| Exploitation Probability (EPSS) | 3.5 |
| Affected packages and libraries | opencode-ai, opencode |
| Sources | NVD |
npm Severity HIGH Has Fix Added at: Jan 14, 2