What is CVE-2026-55743?

CVE-2026-55743 is a critical-severity vulnerability in Tinyhumansai Openhuman, classified under OS Command Injection. CVSS score: 9.6/10. Published 2026-06-17.

How severe is CVE-2026-55743?

Critical severity. CVSS v3 base score is 9.6 out of 10.

RCE in Tinyhumansai Openhuman

CVE-2026-55743

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in sr…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Tinyhumansai Openhuman — versions 0

Weakness classification (CWE)

References

309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c (product)
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c (technical-description)
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c (patch)

Frequently asked questions

What is CVE-2026-55743?: CVE-2026-55743 is a critical-severity vulnerability in Tinyhumansai Openhuman, classified under OS Command Injection. CVSS score: 9.6/10. Published 2026-06-17.
How severe is CVE-2026-55743?: Critical severity. CVSS v3 base score is 9.6 out of 10.