All 8 CVE vulnerabilities found in OpenHarness, with AI-generated Chinese analysis, references, and POCs.
Vendor: HKUDS
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6823 | HKUDS OpenHarness Insecure Default Remote Channel Allowlist | CWE-276 | 8.2 | High | 2026-04-21 |
| CVE-2026-6819 | HKUDS OpenHarness Plugin Management Command Exposure | CWE-276 | 8.8 | High | 2026-04-21 |
| CVE-2026-6729 | HKUDS OpenHarness Session Key Collision Privilege Escalation | CWE-287 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-40516 | OpenHarness SSRF via web_fetch and web_search | CWE-918 | 8.3 | High | 2026-04-17 |
| CVE-2026-40515 | OpenHarness Permission Bypass via grep and glob root argument | CWE-863 | 7.5 | High | 2026-04-17 |
| CVE-2026-40502 | OpenHarness Remote Administrative Command Injection via Gateway Handler | CWE-862 | 8.8 | High | 2026-04-16 |
| CVE-2026-40503 | OpenHarness Path Traversal Information Disclosure via /memory show | CWE-22 | 6.5 | Medium | 2026-04-16 |
| CVE-2026-22682 | OpenHarness Improper Access Control via File Tools | CWE-863 | 7.1 | High | 2026-04-07 |