Hkuds Openharness vulnerabilities
11 known vulnerabilities affecting hkuds/openharness.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH6MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2026-7551P2HIGHCVSS 8.8fixed in 2026-04-27fixed in 438e3732026-04-30
CVE-2026-7551 [HIGH] CWE-78 CVE-2026-7551: HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that a
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to the bridge session manager and executed through the sha
nvd
CVE-2026-40502P2HIGHCVSS 8.8fixed in 2026-04-13fixed in dd1d235450dd987b20bff01b7bfb02fe8620a0af2026-04-16
CVE-2026-40502 [HIGH] CWE-862 CVE-2026-40502: OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote ga
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execute administrative commands such as /permissions full_a
nvd
CVE-2026-6823P3HIGHCVSS 8.2fixed in 0.1.7fixed in PR #1472026-04-21
CVE-2026-6823 [HIGH] CWE-276 CVE-2026-6823: HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil
HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unaut
nvd
CVE-2026-6819P3HIGHCVSS 8.8fixed in 0.1.7fixed in PR #1562026-04-21
CVE-2026-6819 [HIGH] CWE-276 CVE-2026-6819: HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i
HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation
nvd
CVE-2026-6729P3HIGHCVSS 7.6fixed in 0.1.7fixed in PR #1592026-04-20
CVE-2026-6729 [HIGH] CWE-287 CVE-2026-6729: HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse another user's conversation state and replace or interrupt the
nvd
CVE-2026-40503P3MEDIUMCVSS 6.5fixed in 2026-04-13fixed in dd1d235450dd987b20bff01b7bfb02fe8620a0af2026-04-16
CVE-2026-40503 [MEDIUM] CWE-22 CVE-2026-40503: OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gatew
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memory directory and access sensitive files accessible to
nvd
CVE-2026-56695P3MEDIUMCVSS 6.5≤ 0.1.92026-06-23
CVE-2026-56695 [MEDIUM] CWE-862 CVE-2026-56695: OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allow
OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and file paths via shared gateway channels.
nvd
CVE-2026-22682P3HIGHCVSS 7.1fixed in 166fcfefb7614dbac51bd061f56542725b0298e92026-04-07
CVE-2026-22682 [HIGH] CWE-863 CVE-2026-22682: OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in fi
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being
nvd
CVE-2026-56696P4MEDIUMCVSS 5.4≤ 0.1.92026-06-23
CVE-2026-56696 [MEDIUM] CWE-862 CVE-2026-56696: OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing
OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which are subsequently injected into runti
nvd
CVE-2026-40516P4MEDIUMCVSS 6.3fixed in 2026-04-11fixed in bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae2026-04-17
CVE-2026-40516 [MEDIUM] CWE-918 CVE-2026-40516: OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fe
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback
nvd
CVE-2026-40515P4MEDIUMCVSS 5.5fixed in 2026-04-11fixed in bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae2026-04-17
CVE-2026-40515 [MEDIUM] CWE-863 CVE-2026-40515: OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers t
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing
nvd