How to fix CVE-2026-40516?

Within 24 hours: Identify all systems running OpenHarness AI agent framework and document current deployment versions. Within 7 days: Apply vendor patch by upgrading to commit bd4df81 or later across all production and non-production instances. Within 30 days: Conduct network segmentation review to restrict outbound HTTP/HTTPS from OpenHarness deployments to approved endpoints only, and implement egress filtering rules blocking access to RFC1918 ranges and 169.254.0.0/16 (cloud metadata).

CVE-2026-40516

EUVD-2026-23452 HIGH

2026-04-17 VulnCheck

SSRF

7.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 17:22 vuln.today

cvss_changed

CVSS Changed

Apr 17, 2026 - 17:22 NVD

8.3 (HIGH) 7.8 (HIGH)

Analysis Generated

Apr 17, 2026 - 17:03 vuln.today

DescriptionNVD

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.

AnalysisAI

Server-Side Request Forgery in OpenHarness AI agent framework (pre-commit bd4df81) permits remote unauthenticated attackers to manipulate web_fetch and web_search tool parameters, forcing the agent to make HTTP requests to internal infrastructure including RFC1918 private networks, localhost services, and cloud metadata endpoints (e.g., AWS EC2 169.254.169.254). Changed scope (S:C) in CVSS vector indicates potential for pivoting beyond the vulnerable application's trust boundary. …

RemediationAI

Within 24 hours: Identify all systems running OpenHarness AI agent framework and document current deployment versions. Within 7 days: Apply vendor patch by upgrading to commit bd4df81 or later across all production and non-production instances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40516 vulnerability details – vuln.today

Back

CVE-2026-40516

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

CVE-2026-40516

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code