CVE Alert

CVE-2026-40502

HIGH 8.8

OpenHarness Remote Administrative Command Injection via Gateway Handler

CVSS Score
8.8
EPSS Score
0.2%
EPSS Percentile
41st

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execute administrative commands such as /permissions full_auto through remote chat sessions to change permission modes of a running OpenHarness instance without operator authorization.
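The flaw described above is an authorization gap in command dispatch, not in the commands themselves: a gateway that routes every slash command through one flat table lets a remote chat user reach operator-only commands such as /permissions. The following is an added illustration, not OpenHarness's own gateway handler or its fix; the names (Session, Origin, dispatch_vulnerable, dispatch_hardened, REMOTE_SAFE) and the two commands are assumptions made for the example. It shows the vulnerable pattern beside a hardened dispatcher that tags each session with its origin and applies a default-deny allowlist of remote-safe commands.

```python
"""Flat command dispatch (vulnerable) vs. origin-aware dispatch (hardened).

Added example code; not from OpenHarness. All class, function and command
names here are hypothetical and chosen only to demonstrate the pattern.
"""
from dataclasses import dataclass, field
from enum import Enum


class Origin(Enum):
    LOCAL = "local"    # operator's own terminal on the host running the agent
    REMOTE = "remote"  # chat user reaching the instance through a gateway


@dataclass
class Session:
    origin: Origin
    permission_mode: str = "default"
    audit_log: list = field(default_factory=list)


class CommandDenied(Exception):
    """Raised when a session is not authorized to run a command."""


# --- Vulnerable pattern -----------------------------------------------------
# One table, no notion of where the request came from: a remote chat message
# "/permissions full_auto" changes the running instance's permission mode.
def dispatch_vulnerable(session: Session, line: str) -> str:
    cmd, *args = line.split()
    if cmd == "/permissions":
        session.permission_mode = args[0]
        return f"permission mode set to {session.permission_mode}"
    if cmd == "/help":
        return "commands: /help /permissions"
    return "unknown command"


# --- Hardened pattern -------------------------------------------------------
def _cmd_help(session: Session, args: list) -> str:
    return "commands: /help /permissions"


def _cmd_permissions(session: Session, args: list) -> str:
    if not args:
        raise ValueError("usage: /permissions <mode>")
    session.permission_mode = args[0]
    return f"permission mode set to {session.permission_mode}"


HANDLERS = {
    "/help": _cmd_help,
    "/permissions": _cmd_permissions,
}

# Default-deny: a command is remote-safe only if explicitly listed here.
# Anything a developer adds to HANDLERS without also adding it to this set is
# local-only, so forgetting the annotation fails closed rather than open.
REMOTE_SAFE = frozenset({"/help"})


def dispatch_hardened(session: Session, line: str) -> str:
    parts = line.split()
    if not parts:
        return "empty command"
    cmd, args = parts[0], parts[1:]
    handler = HANDLERS.get(cmd)
    if handler is None:
        return "unknown command"
    # The origin check happens before the handler runs, so the handler body
    # never has to remember to enforce it.
    if session.origin is Origin.REMOTE and cmd not in REMOTE_SAFE:
        session.audit_log.append(f"denied {cmd} from remote session")
        raise CommandDenied(f"{cmd} is local-only")
    return handler(session, args)


if __name__ == "__main__":
    remote = Session(Origin.REMOTE)
    print(dispatch_vulnerable(remote, "/permissions full_auto"))  # mode changed
    try:
        dispatch_hardened(Session(Origin.REMOTE), "/permissions full_auto")
    except CommandDenied as e:
        print("hardened:", e)
```

The important design choice is that the origin is a property of the session established when the connection is accepted, not something parsed from the message, and that the allowlist is of remote-safe commands rather than a denylist of dangerous ones, so newly added administrative commands are unreachable from chat until someone deliberately exposes them.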

CWE CWE-862
Vendor hkuds
Product openharness
Published Apr 16, 2026
Last Updated Apr 16, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

HKUDS / OpenHarness
All versions prior to commit dd1d235450dd987b20bff01b7bfb02fe8620a0af

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/HKUDS/OpenHarness/pull/127
github.com: https://github.com/HKUDS/OpenHarness/commit/dd1d235450dd987b20bff01b7bfb02fe8620a0af
vulncheck.com: https://www.vulncheck.com/advisories/openharness-remote-administrative-command-injection-via-gateway-handler

Credits

Chia Min Jun Lennon