CVE-2026-22682: CWE-863 Incorrect Authorization in HKUDS OpenHarness
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.
AI Analysis
Technical Summary
OpenHarness versions before commit 166fcfe contain a CWE-863 improper authorization vulnerability due to inconsistent handling of the path parameter in permission enforcement for built-in file tools. Specifically, the path parameter is not passed to the PermissionChecker in several tools (read_file, write_file, edit_file, notebook_edit), allowing attackers with limited privileges who can influence agent tool execution to bypass access controls. This enables reading arbitrary local files outside the repository scope and creating or overwriting files in restricted host paths when operating in full_auto mode. The vulnerability has a CVSS 4.0 score of 8.4 (high severity), indicating significant impact potential. No patch or vendor advisory confirming remediation is currently available.
Potential Impact
Successful exploitation allows attackers with limited privileges to bypass intended access controls and read sensitive local files such as configuration files, credentials, and SSH keys. Additionally, attackers can create or overwrite files in restricted host paths under certain modes, potentially leading to unauthorized data disclosure or modification. This compromises confidentiality and integrity of the affected system's local files.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to agent tool execution to trusted users only and monitor for unauthorized use of the affected file tools. Avoid running OpenHarness in full_auto mode if possible, as it increases risk of file creation or overwriting. Follow vendor updates closely for an official patch or mitigation instructions.
CVE-2026-22682: CWE-863 Incorrect Authorization in HKUDS OpenHarness
Description
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenHarness versions before commit 166fcfe contain a CWE-863 improper authorization vulnerability due to inconsistent handling of the path parameter in permission enforcement for built-in file tools. Specifically, the path parameter is not passed to the PermissionChecker in several tools (read_file, write_file, edit_file, notebook_edit), allowing attackers with limited privileges who can influence agent tool execution to bypass access controls. This enables reading arbitrary local files outside the repository scope and creating or overwriting files in restricted host paths when operating in full_auto mode. The vulnerability has a CVSS 4.0 score of 8.4 (high severity), indicating significant impact potential. No patch or vendor advisory confirming remediation is currently available.
Potential Impact
Successful exploitation allows attackers with limited privileges to bypass intended access controls and read sensitive local files such as configuration files, credentials, and SSH keys. Additionally, attackers can create or overwrite files in restricted host paths under certain modes, potentially leading to unauthorized data disclosure or modification. This compromises confidentiality and integrity of the affected system's local files.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to agent tool execution to trusted users only and monitor for unauthorized use of the affected file tools. Avoid running OpenHarness in full_auto mode if possible, as it increases risk of file creation or overwriting. Follow vendor updates closely for an official patch or mitigation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-08T19:04:26.365Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d5874d43e2781bad84f51b
Added to database: 4/7/2026, 10:38:05 PM
Last enriched: 4/15/2026, 12:27:00 PM
Last updated: 5/23/2026, 5:55:27 PM
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.