Home

Description

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue.

PUBLISHED Reserved 2026-03-23 | Published 2026-03-27 | Updated 2026-03-27 | Assigner GitHub_M




HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

< 1.5.0
affected

References

github.com/...nHands/security/advisories/GHSA-7h8w-hj9j-8rjw

github.com/OpenHands/OpenHands/pull/13051

docs.python.org/3/library/shlex.html

docs.python.org/3/library/subprocess.html

owasp.org/www-community/attacks/Command_Injection

cve.org (CVE-2026-33718)

nvd.nist.gov (CVE-2026-33718)

Download JSON