CVE 8.7 HIGH

HKUDS OpenHarness Remote Command Execution via /bridge Slash Command_CVE-2026-7551

April 30, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to the bridge session manager and executed through the shared shell subprocess helper, allowing them to spawn shell sessions as the OpenHarness process user and access local files, credentials, workspace state, and repository contents.

AI Analysis

Remote code execution vulnerability in HKUDS OpenHarness via /bridge slash command

Basic Information

ID CVE-2026-7551

Source VulnCheck

Published Apr 30, 2026 at 21:29

Affected Product

Vendor HKUDS

Product OpenHarness

Affected Versions HKUDS OpenHarness 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor HKUDS

Product OpenHarness

References

{
    "lastseen": "",
    "description": "HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to the bridge session manager and executed through the shared shell subprocess helper, allowing them to spawn shell sessions as the OpenHarness process user and access local files, credentials, workspace state, and repository contents.",
    "published": "2026-04-30T21:29:17.362Z",
    "modified": "2026-04-30T21:29:17.362Z",
    "type": "cve",
    "title": "HKUDS OpenHarness Remote Command Execution via /bridge Slash Command",
    "source": "VulnCheck",
    "references": "https://github.com/HKUDS/OpenHarness/pull/208\nhttps://github.com/HKUDS/OpenHarness/commit/438e37309778e19060dfe7b172eb142e543c4cd6\nhttps://www.vulncheck.com/advisories/hkuds-openharness-remote-command-execution-via-bridge-slash-command",
    "id": "CVE-2026-7551",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "HKUDS OpenHarness 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenHarness",
    "version": "0",
    "vendor": "HKUDS",
    "ai_description": "Remote code execution vulnerability in HKUDS OpenHarness via /bridge slash command",
    "ai_severity": "High",
    "ai_vendor": "HKUDS",
    "ai_product": "OpenHarness",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply