Description
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.
Published: 2026-04-17
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Permission Bypass
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from incomplete path normalization in OpenHarness's permission checking logic, allowing an attacker to invoke the built‑in grep and glob utilities with root‑level arguments that bypass configured path restrictions. This grants read access to sensitive local files, such as key material, configuration files, or directory listings, that would normally be protected. The weakness is a classic example of path traversal and falls under CWE‑863.

Affected Systems

The affected product is OpenHarness from HKUDS. Version information is not specified in the advisory, so any installation prior to the commit that introduced the fix may be impacted. The fix is present in commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae and can be applied by updating to the latest release or by manually merging the changes.

Risk and Exploitability

The CVSS score of 8.7 classifies this issue as high severity. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation at the time of disclosure. Based on the description, it is inferred that the likely attack vector involves local execution or command injection, as the attacker must execute or influence the built‑in grep and glob commands. Exploitation requires the ability to supply arguments to these utilities, and no special privileges are required beyond those necessary to run OpenHarness.

Generated by OpenCVE AI on April 18, 2026 at 17:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenHarness to the latest version that includes commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae or otherwise apply the patch directly.
  • If an immediate upgrade is not possible, restrict or disable access to the built‑in grep and glob functionalities from within OpenHarness to prevent the root argument abuse.
  • Review and enforce strict path validation rules in the permission checker to ensure any root argument paths are properly normalized against configured restrictions.

Generated by OpenCVE AI on April 18, 2026 at 17:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Hkuds
Hkuds openharness
Vendors & Products Hkuds
Hkuds openharness

Fri, 17 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.
Title OpenHarness Permission Bypass via grep and glob root argument
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Hkuds Openharness
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-17T16:00:07.116Z

Reserved: 2026-04-13T20:29:02.809Z

Link: CVE-2026-40515

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-17T17:17:09.067

Modified: 2026-04-17T19:01:56.030

Link: CVE-2026-40515

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T17:15:05Z

Weaknesses