CVE-2026-40516

HIGH 8.3

OpenHarness SSRF via web_fetch and web_search

CVSS Score

8.3

EPSS Score

0.0%

EPSS Percentile

0th

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.

CWE	CWE-918
Vendor	hkuds
Product	openharness
Published	Apr 17, 2026
Last Updated	Apr 17, 2026

Stay Ahead of the Next One

Get instant alerts for hkuds openharness

Be the first to know when new high vulnerabilities affecting hkuds openharness are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

HKUDS / OpenHarness

0 < bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/HKUDS/OpenHarness/pull/92 github.com: https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae vulncheck.com: https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search

Credits

Chia Min Jun Lennon