Description
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.
Published: 2026-04-07
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file access including reading sensitive data and creating/overwriting restricted files
Action: Immediate Patch
AI Analysis

Impact

The bug allows an attacker who can influence the execution of built‑in file tools to read or write files outside the intended repository, because the path argument is omitted from the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This can expose configuration files, credentials, SSH private keys, or allow the attacker to create or overwrite files in privileged host locations, especially when the full_auto mode is enabled. The consequence is loss of confidentiality and integrity, and potentially the ability to modify system state or elevate privileges.

Affected Systems

OpenHarness versions prior to commit 166fcfe are affected. The vulnerability applies to any installation of the HKUDS:OpenHarness product where the file tools are available and unpatched.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.4, indicating high severity. EPSS information is not available, and it is not listed in the CISA KEV catalog. Exploitation requires the attacker to be able to influence the agent tool execution, which typically means having authenticated control over the harness or exploiting a misconfiguration that exposes the tools to untrusted input. The potential impact is significant, especially if the harness is reachable from untrusted networks, leading to data exposure and potential system compromise.

Generated by OpenCVE AI on April 7, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version containing commit 166fcfe or later to fix the permission enforcement bug. If immediate upgrade is not possible, restrict which users or services can invoke the file tools, ensuring only trusted accounts have that capability. Disable full_auto mode if it is not required for your workflow. Monitor file access logs for unexpected reads or writes outside the repository. Verify your OpenHarness deployment is not exposed to untrusted networks or users.

Generated by OpenCVE AI on April 7, 2026 at 21:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Hkuds
Hkuds openharness
Vendors & Products Hkuds
Hkuds openharness

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.
Title OpenHarness Improper Access Control via File Tools
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Hkuds Openharness
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T17:09:01.033Z

Reserved: 2026-01-08T19:04:26.365Z

Link: CVE-2026-22682

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-07T18:16:39.033

Modified: 2026-04-08T21:27:00.663

Link: CVE-2026-22682

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:47:26Z

Weaknesses