Malicious website can execute commands on the local system through...

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response for a chat session gets JavaScript execution on the http://localhost:4096 origin. This vulnerability is fixed in 1.1.10.

AI Analysis

XSS vulnerability in OpenCode web UI allows JavaScript execution via HTML injection

Basic Information

ID CVE-2026-22813

Source GitHub_M

Published Jan 12, 2026 at 22:52

Affected Product

Vendor anomalyco

Product opencode

Version < 1.1.10

Affected Versions anomalyco opencode < 1.1.10

CWE Classification

CWE-79

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Anomaly

Product OpenCode

Version < 1.1.10

References

github.com /anomalyco/opencode/security/advisories/GHSA-c83v-7274-4vgp

{
    "lastseen": "",
    "description": "OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response for a chat session gets JavaScript execution on the http://localhost:4096 origin. This vulnerability is fixed in 1.1.10.",
    "published": "2026-01-12T22:52:35.103Z",
    "modified": "2026-01-12T22:52:35.103Z",
    "type": "cve",
    "title": "Malicious website can execute commands on the local system through XSS in the OpenCode web UI",
    "source": "GitHub_M",
    "references": "https://github.com/anomalyco/opencode/security/advisories/GHSA-c83v-7274-4vgp",
    "id": "CVE-2026-22813",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "anomalyco opencode < 1.1.10",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "opencode",
    "version": "< 1.1.10",
    "vendor": "anomalyco",
    "ai_description": "XSS vulnerability in OpenCode web UI allows JavaScript execution via HTML injection",
    "ai_severity": "Critical",
    "ai_vendor": "Anomaly",
    "ai_product": "OpenCode",
    "ai_version": "< 1.1.10",
    "ai_score": 9.4
}

Malicious website can execute commands on the local system through XSS in the OpenCode web UI_CVE-2026-22813