CVE 8.7 HIGH

OpenHarness Remote Administrative Command Injection via Gateway Handler_CVE-2026-40502

April 15, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execute administrative commands such as /permissions full_auto through remote chat sessions to change permission modes of a running OpenHarness instance without operator authorization.

AI Analysis

Command injection vulnerability in OpenHarness prior to commit dd1d235, allowing remote gateway users to invoke administrative commands without authorization.

Basic Information

ID CVE-2026-40502

Source VulnCheck

Published Apr 16, 2026 at 00:08

Modified Apr 16, 2026 at 00:10

Affected Product

Vendor HKUDS

Product OpenHarness

Affected Versions HKUDS OpenHarness 0

CWE Classification

CWE-862

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor HKUDS

Product OpenHarness

References

{
    "lastseen": "",
    "description": "OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execute administrative commands such as /permissions full_auto through remote chat sessions to change permission modes of a running OpenHarness instance without operator authorization.",
    "published": "2026-04-16T00:08:34.463Z",
    "modified": "2026-04-16T00:10:11.020Z",
    "type": "cve",
    "title": "OpenHarness Remote Administrative Command Injection via Gateway Handler",
    "source": "VulnCheck",
    "references": "https://github.com/HKUDS/OpenHarness/pull/127\nhttps://github.com/HKUDS/OpenHarness/commit/dd1d235450dd987b20bff01b7bfb02fe8620a0af\nhttps://www.vulncheck.com/advisories/openharness-remote-administrative-command-injection-via-gateway-handler",
    "id": "CVE-2026-40502",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "HKUDS OpenHarness 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenHarness",
    "version": "0",
    "vendor": "HKUDS",
    "ai_description": "Command injection vulnerability in OpenHarness prior to commit dd1d235, allowing remote gateway users to invoke administrative commands without authorization.",
    "ai_severity": "High",
    "ai_vendor": "HKUDS",
    "ai_product": "OpenHarness",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply