Skip to main content

Openharness CVE-2026-40515

| EUVDEUVD-2026-23450 HIGH
Incorrect Authorization (CWE-863)
2026-04-17 VulnCheck
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 17, 2026 - 17:22 vuln.today
cvss_changed
CVSS changed
Apr 17, 2026 - 17:22 NVD
7.5 (HIGH) 8.7 (HIGH)
Analysis Generated
Apr 17, 2026 - 17:03 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 16:45 euvd
EUVD-2026-23450
Analysis Generated
Apr 17, 2026 - 16:45 vuln.today
Patch released
Apr 17, 2026 - 16:45 nvd
Patch available
CVE Published
Apr 17, 2026 - 16:00 nvd
HIGH 8.7

DescriptionCVE.org

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.

AnalysisAI

Remote unauthenticated attackers can bypass path restrictions in OpenHarness (pre-commit bd4df81) to read arbitrary sensitive files via crafted grep/glob operations. The incomplete path normalization in permission checking allows exploitation of built-in tools to access sensitive root directories, key material, and configuration files despite configured access controls. CVSS 7.5 (High) with network vector and no authentication required. EPSS data not provided. No CISA KEV listing identified, indicating no confirmed widespread active exploitation at time of analysis. Vendor patch available via GitHub commit bd4df81.

Technical ContextAI

OpenHarness is an open-source framework (HKUDS project) that implements permission checking to restrict file system access. The vulnerability stems from CWE-863 (Incorrect Authorization), specifically incomplete path normalization in the permission validation logic. When attackers invoke the built-in grep and glob utilities with specially crafted path arguments targeting sensitive root directories, the permission checker fails to properly normalize and evaluate these paths against configured path restriction rules. This allows the tools to traverse outside intended boundaries and access filesystem locations that should be blocked. The affected product is identified by CPE cpe:2.3:a:hkuds:openharness. The issue resembles classic path traversal vulnerabilities but manifests through tool invocation rather than direct file API calls, exploiting the gap between tool argument parsing and permission enforcement.

RemediationAI

Update OpenHarness to commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae or later from the HKUDS GitHub repository at https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae. Review pull request 92 for implementation details at https://github.com/HKUDS/OpenHarness/pull/92. If immediate patching is not feasible, implement network-level access controls to restrict OpenHarness exposure to trusted networks only via firewall rules or VPN requirements, though this does not eliminate insider threat risk. Audit existing path restriction configurations and review logs for suspicious grep or glob invocations targeting root directories or sensitive filesystem paths. Consider disabling or restricting the grep and glob built-in tools if business requirements permit, though this may impact legitimate functionality and requires testing. Deploy file integrity monitoring on sensitive directories to detect unauthorized access attempts. Each compensating control reduces but does not eliminate risk compared to applying the vendor patch.

CVE-2026-7551 HIGH
8.7 Apr 30

Remote code execution in HKUDS OpenHarness allows authenticated remote attackers to execute arbitrary operating system c

CVE-2026-40502 HIGH
8.7 Apr 16

Remote command injection in OpenHarness gateway handler allows authenticated remote chat users to execute administrative

CVE-2026-6819 HIGH
8.7 Apr 21

Remote attackers can install and activate arbitrary plugins in HKUDS OpenHarness through exposed plugin management comma

CVE-2026-22682 HIGH
8.4 Apr 07

Improper access control in OpenHarness (prior to commit 166fcfe) allows local authenticated attackers with influence ove

CVE-2026-6823 HIGH
8.3 Apr 21

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote cha

CVE-2026-40516 HIGH
7.8 Apr 17

Server-Side Request Forgery in OpenHarness AI agent framework (pre-commit bd4df81) permits remote unauthenticated attack

CVE-2026-56695 HIGH
7.1 Jun 23

Cross-session information disclosure in HKUDS OpenHarness ohmo gateway allows admitted remote senders to invoke /resume

CVE-2026-40503 HIGH
7.1 Apr 16

Path traversal in OpenHarness allows authenticated gateway users with chat access to read arbitrary files on the server

CVE-2026-6729 MEDIUM
5.3 Apr 20

Session key derivation in HKUDS OpenHarness prior to PR #159 fails to verify sender identity in shared chat/thread scope

CVE-2026-56696 MEDIUM
5.3 Jun 23

Remote prompt injection in OpenHarness allows low-privileged messaging channel participants to persistently corrupt AI a

Share

CVE-2026-40515 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy