Description
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memory directory and access sensitive files accessible to the OpenHarness process without filesystem containment validation.
Published: 2026-04-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

OpenHarness before commit dd1d235 suffered from a path‑traversal flaw in the /memory show command. A remote user with chat access can supply traversal sequences that cause the OpenHarness process to read any file reachable in the file system, leading to unintended disclosure of sensitive data. The vulnerability relies on lack of filesystem containment checks when resolving the input path (CWE-22).

Affected Systems

Affected systems are deployments of OpenHarness using a version prior to commit dd1d235450dd987b20bff01b7bfb02fe8620a0af, provided by the HKUDS vendor. The flaw exists in all installations that expose the /memory show command to chat users.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high risk, while the EPSS score is below 1%, suggesting a low but non-zero exploitation probability. The requirement of remote gateway chat access limits the threat to environments where such access is granted. Attackers can retrieve arbitrary files through the web API using a simple HTTP request to the /memory show slash command, resulting in a confidentiality breach with potential operational impact.

Generated by OpenCVE AI on April 17, 2026 at 05:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenHarness to any revision that includes the patch after commit dd1d235 or apply the fix manually by restricting path traversal.
  • Disable or restrict the /memory show command for untrusted users, limiting its use to privileged accounts only.
  • Monitor system logs for attempts to read or list files through the /memory show command and investigate any suspicious activity.

Generated by OpenCVE AI on April 17, 2026 at 05:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Hkuds
Hkuds openharness
Vendors & Products Hkuds
Hkuds openharness

Thu, 16 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memory directory and access sensitive files accessible to the OpenHarness process without filesystem containment validation.
Title OpenHarness Path Traversal Information Disclosure via /memory show
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Hkuds Openharness
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-16T13:42:38.789Z

Reserved: 2026-04-13T20:29:02.808Z

Link: CVE-2026-40503

cve-icon Vulnrichment

Updated: 2026-04-16T13:41:03.089Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-16T01:16:11.440

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-40503

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T06:00:09Z

Weaknesses