HKUDS OpenHarness
9 CVEs affecting HKUDS OpenHarness. Latest disclosed: 2026-04-30. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-7551 | High | 8.8 | 2026-04-30 | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute a… |
| CVE-2026-6819 | High | 8.8 | 2026-04-21 | HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugin… |
| CVE-2026-40502 | High | 8.8 | 2026-04-16 | OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administra… |
| CVE-2026-40516 | High | 8.3 | 2026-04-17 | OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access pr… |
| CVE-2026-6823 | High | 8.2 | 2026-04-21 | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permit… |
| CVE-2026-40515 | High | 7.5 | 2026-04-17 | OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normal… |
| CVE-2026-22682 | High | 7.1 | 2026-04-07 | OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permissi… |
| CVE-2026-40503 | Medium | 6.5 | 2026-04-16 | OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supply… |
| CVE-2026-6729 | Medium | 6.3 | 2026-04-20 | HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or thread… |