CVE-2026-56696

MEDIUM 5.4

OpenHarness - Prompt Injection via /issue and /pr_comments Slash Commands

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which are subsequently injected into runtime system prompts, persistently influencing local agent behavior.

CWE	CWE-862
Vendor	hkuds
Product	openharness
Published	Jun 23, 2026
Last Updated	Jun 23, 2026

Stay Ahead of the Next One

Get instant alerts for hkuds openharness

Be the first to know when new medium vulnerabilities affecting hkuds openharness are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

HKUDS / OpenHarness

0 ≤ 0.1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/HKUDS/OpenHarness/pull/272 github.com: https://github.com/HKUDS/OpenHarness/commit/27bb93b810e9ea8fa4832eab7152eeb3b4a6bffb vulncheck.com: https://www.vulncheck.com/advisories/openharness-prompt-injection-via-issue-and-pr-comments-slash-commands

Credits

Chia Min Jun Lennon