Description

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Because the path input parameter is used without filesystem containment validation, attackers can manipulate it to escape the project memory directory and read sensitive files accessible to the OpenHarness process.
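The containment validation the description says is missing can be sketched as follows. This is an added example, not OpenHarness code or the patch in dd1d235; the names `resolve_memory_entry`, `MemoryPathError` and `demo`, and the sample files, are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class MemoryPathError(ValueError):
    """Raised when a requested entry resolves outside the memory directory."""


def resolve_memory_entry(memory_dir: Path, user_path: str) -> Path:
    """Hypothetical helper: map the argument of a '/memory show'-style
    command to a file guaranteed to live under memory_dir."""
    if "\x00" in user_path:
        raise MemoryPathError("NUL byte in path")
    root = memory_dir.resolve(strict=True)
    # Joining with an absolute user_path discards root entirely, and '..'
    # segments climb out of it; resolve() normalises both cases and follows
    # symlinks, so the containment test below sees the real target.
    candidate = (root / user_path).resolve()
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise MemoryPathError(f"{user_path!r} escapes the memory directory")
    if not candidate.is_file():
        raise MemoryPathError(f"{user_path!r} is not a memory file")
    return candidate


def demo() -> dict:
    """Run constructed inputs through the check; True means 'served'."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        memory = base / "project" / "memory"
        memory.mkdir(parents=True)
        (memory / "notes.md").write_text("remembered fact")
        (base / "secret.env").write_text("API_KEY=constructed")
        os.symlink(base / "secret.env", memory / "link.md")  # symlink escape
        results = {}
        for arg in ["notes.md", "../../secret.env", str(base / "secret.env"), "link.md", "sub/../notes.md"]:
            try:
                resolve_memory_entry(memory, arg)
                results[arg] = True
            except MemoryPathError:
                results[arg] = False
        return results


if __name__ == "__main__":
    for arg, served in demo().items():
        print(f"{'served ' if served else 'refused'}  {arg}")
```

The check compares resolved paths rather than filtering for `..` in the string, which is why the absolute-path and symlink cases are refused along with the relative traversal.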

PUBLISHED Reserved 2026-04-13 | Published 2026-04-16 | Updated 2026-04-16 | Assigner VulnCheck




HIGH: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

Any version before dd1d235450dd987b20bff01b7bfb02fe8620a0af: affected

Credits

Chia Min Jun Lennon (finder)

References

github.com/HKUDS/OpenHarness/pull/127 (issue-tracking)

github.com/...ommit/dd1d235450dd987b20bff01b7bfb02fe8620a0af (patch)

www.vulncheck.com/...-information-disclosure-via-memory-show (third-party-advisory)

cve.org (CVE-2026-40503)

nvd.nist.gov (CVE-2026-40503)