Skip to main content

HKUDS OpenHarness CVE-2026-6819

| EUVDEUVD-2026-24292 HIGH
Incorrect Default Permissions (CWE-276)
2026-04-21 VulnCheck GHSA-3xqw-r49f-5rj8
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 22, 2026 - 14:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 20:51 vuln.today
CVSS changed
Apr 21, 2026 - 20:22 NVD
8.8 (HIGH) 8.7 (HIGH)
EUVD ID Assigned
Apr 21, 2026 - 20:00 euvd
EUVD-2026-24292
Analysis Generated
Apr 21, 2026 - 20:00 vuln.today
Patch released
Apr 21, 2026 - 20:00 nvd
Patch available
CVE Published
Apr 21, 2026 - 19:41 nvd
HIGH 8.7

DescriptionCVE.org

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.

AnalysisAI

Remote attackers can install and activate arbitrary plugins in HKUDS OpenHarness through exposed plugin management commands. Pre-PR#156 versions expose /plugin install, /plugin enable, /plugin disable, and /reload-plugins endpoints to unauthenticated remote senders via the channel layer, allowing complete control over plugin trust and activation state. Vendor patch available in v0.1.7 (commit 59017e0). CVSS 8.7 with network vector and no authentication required, though user interaction is needed. No active exploitation confirmed (not in CISA KEV), but VulnCheck advisory and GitHub references provide technical details that could facilitate exploitation.

Technical ContextAI

OpenHarness is a plugin-based framework by HKUDS. The vulnerability stems from CWE-276 (Incorrect Default Permissions), where plugin lifecycle management commands are exposed through a network-accessible channel layer without proper access controls. The affected CPE (cpe:2.3:a:hkuds:openharness:*:*:*:*:*:*:*:*) indicates all versions prior to the PR#156 remediation. The CVSS 4.0 vector shows network attack vector (AV:N), low complexity (AC:L), no privileges required (PR:N), but requires user interaction (UI:P). The channel layer architecture appears to handle inter-component communication, but inappropriately exposes privileged plugin management functions to untrusted remote sources. Plugin systems typically execute with elevated privileges to modify application behavior, making unauthorized plugin installation a critical security boundary violation.

RemediationAI

Upgrade to HKUDS OpenHarness v0.1.7 or later, which includes PR#156 remediation (commit 59017e09880fcf9a6f60456a84fb982900b2c0b2). Download from https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7. If immediate upgrade is not feasible, implement network-level access controls to restrict channel layer exposure to trusted sources only - configure firewall rules to block external access to plugin management endpoints and limit channel layer connectivity to localhost or internal management networks. Disable remote channel layer access entirely if not operationally required, noting this may impact distributed deployment scenarios. Review existing plugin inventory for unauthorized installations that may have occurred prior to patching. These compensating controls reduce attack surface but do not eliminate the vulnerability in unpatched code. Consult VulnCheck advisory (https://www.vulncheck.com/advisories/hkuds-openharness-plugin-management-command-exposure) for additional context. Network segmentation may disrupt legitimate distributed operations if OpenHarness relies on cross-network plugin management.

CVE-2026-7551 HIGH
8.7 Apr 30

Remote code execution in HKUDS OpenHarness allows authenticated remote attackers to execute arbitrary operating system c

CVE-2026-40502 HIGH
8.7 Apr 16

Remote command injection in OpenHarness gateway handler allows authenticated remote chat users to execute administrative

CVE-2026-40515 HIGH
8.7 Apr 17

Remote unauthenticated attackers can bypass path restrictions in OpenHarness (pre-commit bd4df81) to read arbitrary sens

CVE-2026-22682 HIGH
8.4 Apr 07

Improper access control in OpenHarness (prior to commit 166fcfe) allows local authenticated attackers with influence ove

CVE-2026-6823 HIGH
8.3 Apr 21

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote cha

CVE-2026-40516 HIGH
7.8 Apr 17

Server-Side Request Forgery in OpenHarness AI agent framework (pre-commit bd4df81) permits remote unauthenticated attack

CVE-2026-56695 HIGH
7.1 Jun 23

Cross-session information disclosure in HKUDS OpenHarness ohmo gateway allows admitted remote senders to invoke /resume

CVE-2026-40503 HIGH
7.1 Apr 16

Path traversal in OpenHarness allows authenticated gateway users with chat access to read arbitrary files on the server

CVE-2026-6729 MEDIUM
5.3 Apr 20

Session key derivation in HKUDS OpenHarness prior to PR #159 fails to verify sender identity in shared chat/thread scope

CVE-2026-56696 MEDIUM
5.3 Jun 23

Remote prompt injection in OpenHarness allows low-privileged messaging channel participants to persistently corrupt AI a

Share

CVE-2026-6819 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy