Skip to main content

Openharness CVE-2026-40502

| EUVDEUVD-2026-23141 HIGH
Missing Authorization (CWE-862)
2026-04-16 VulnCheck
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Analysis Updated
Apr 16, 2026 - 01:44 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 16, 2026 - 01:38 vuln.today
cvss_changed
CVSS changed
Apr 16, 2026 - 01:38 NVD
8.8 (HIGH) 8.7 (HIGH)
Analysis Generated
Apr 16, 2026 - 01:19 vuln.today
EUVD ID Assigned
Apr 16, 2026 - 01:15 euvd
EUVD-2026-23141
Analysis Generated
Apr 16, 2026 - 01:15 vuln.today
Patch released
Apr 16, 2026 - 01:15 nvd
Patch available
CVE Published
Apr 16, 2026 - 00:08 nvd
HIGH 8.7

DescriptionCVE.org

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execute administrative commands such as /permissions full_auto through remote chat sessions to change permission modes of a running OpenHarness instance without operator authorization.

AnalysisAI

Remote command injection in OpenHarness gateway handler allows authenticated remote chat users to execute administrative commands like /permissions full_auto without authorization, escalating privileges to modify security controls of running instances. Vulnerability exploits insufficient command validation in chat interface. Fixed in commit dd1d235. CVSS 8.7 (High) with network attack vector and low complexity. EPSS data unavailable; not listed in CISA KEV. VulnCheck advisory and GitHub patch available.

Technical ContextAI

OpenHarness is a framework for managing AI model interactions through gateway interfaces. This vulnerability (CWE-862: Missing Authorization) exists in the gateway handler component responsible for processing chat commands. The flaw arises from inadequate separation between administrative commands intended for local operator use and commands exposed through remote chat sessions. The gateway handler fails to enforce authorization checks or command scope restrictions, allowing any command accepted locally to also be invoked remotely by authenticated chat users. The /permissions full_auto command specifically modifies the permission mode of the running OpenHarness instance, potentially disabling security controls. The CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-accessible exploitation requiring only low-privileged authentication with no additional attack complexity.

RemediationAI

Upgrade to OpenHarness commit dd1d235450dd987b20bff01b7bfb02fe8620a0af or later, which implements proper command scope validation in the gateway handler per GitHub PR #127. Organizations using git-based deployments should pull from the main branch after April 2024 (estimated based on CVE-2026 designation, verify actual commit date). If immediate patching is not feasible, implement network-level access controls to restrict gateway chat interface access to trusted IP ranges only, recognizing this does not prevent exploitation by authenticated insiders or compromised accounts within the trusted network. Alternatively, disable remote gateway chat functionality entirely and restrict administrative command access to local console sessions, though this eliminates legitimate remote chat use cases. Review OpenHarness audit logs for unauthorized use of /permissions or other administrative commands from remote sessions prior to patching, as these may indicate exploitation attempts or successful attacks. After patching, verify permission mode settings match intended security policy, as attackers may have modified configurations that persist after remediation.

CVE-2026-7551 HIGH
8.7 Apr 30

Remote code execution in HKUDS OpenHarness allows authenticated remote attackers to execute arbitrary operating system c

CVE-2026-6819 HIGH
8.7 Apr 21

Remote attackers can install and activate arbitrary plugins in HKUDS OpenHarness through exposed plugin management comma

CVE-2026-40515 HIGH
8.7 Apr 17

Remote unauthenticated attackers can bypass path restrictions in OpenHarness (pre-commit bd4df81) to read arbitrary sens

CVE-2026-22682 HIGH
8.4 Apr 07

Improper access control in OpenHarness (prior to commit 166fcfe) allows local authenticated attackers with influence ove

CVE-2026-6823 HIGH
8.3 Apr 21

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote cha

CVE-2026-40516 HIGH
7.8 Apr 17

Server-Side Request Forgery in OpenHarness AI agent framework (pre-commit bd4df81) permits remote unauthenticated attack

CVE-2026-56695 HIGH
7.1 Jun 23

Cross-session information disclosure in HKUDS OpenHarness ohmo gateway allows admitted remote senders to invoke /resume

CVE-2026-40503 HIGH
7.1 Apr 16

Path traversal in OpenHarness allows authenticated gateway users with chat access to read arbitrary files on the server

CVE-2026-6729 MEDIUM
5.3 Apr 20

Session key derivation in HKUDS OpenHarness prior to PR #159 fails to verify sender identity in shared chat/thread scope

CVE-2026-56696 MEDIUM
5.3 Jun 23

Remote prompt injection in OpenHarness allows low-privileged messaging channel participants to persistently corrupt AI a

Share

CVE-2026-40502 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy