Skip to main content

Openhuman

1 CVEs product

Monthly

CVE-2026-55743 CRITICAL PATCH Act Now

Remote code execution in OpenHuman desktop agent through 0.54.0 allows attackers to escape the Supervised SecurityPolicy sandbox and run arbitrary OS commands as the desktop user via indirect prompt injection. Two allowlist bypasses in src/openhuman/security/policy.rs - missing coverage of find's -execdir/-okdir flags and pre-validation stripping of inline KEY=value env assignments (e.g. GIT_EXTERNAL_DIFF, GIT_SSH_COMMAND) - let an attacker turn an allowlisted command into arbitrary execution. No public exploit identified at time of analysis, but the vendor has shipped a fix in commit 60050aa (first stable release 0.56.0).

Command Injection RCE Openhuman
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in OpenHuman desktop agent through 0.54.0 allows attackers to escape the Supervised SecurityPolicy sandbox and run arbitrary OS commands as the desktop user via indirect prompt injection. Two allowlist bypasses in src/openhuman/security/policy.rs - missing coverage of find's -execdir/-okdir flags and pre-validation stripping of inline KEY=value env assignments (e.g. GIT_EXTERNAL_DIFF, GIT_SSH_COMMAND) - let an attacker turn an allowlisted command into arbitrary execution. No public exploit identified at time of analysis, but the vendor has shipped a fix in commit 60050aa (first stable release 0.56.0).

Command Injection RCE Openhuman
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy