
CVE-2026-22812: CWE-306: Missing Authentication for Critical Function in anomalyco opencode

Severity: High
Tags: vulnerability, cve-2026-22812, cwe-306, cwe-749, cwe-942
Published: Mon Jan 12 2026 (01/12/2026, 22:49:18 UTC)
Source: CVE Database V5
Vendor/Project: anomalyco
Product: opencode

Description

CVE-2026-22812 is a high-severity vulnerability in anomalyco's OpenCode AI coding agent in versions prior to 1.0.216. Affected versions automatically start an unauthenticated HTTP server which, because of permissive CORS settings, allows any local process or any website to execute arbitrary shell commands with the user's privileges. This missing authentication for a critical function lets attackers compromise the confidentiality, integrity, and availability of affected systems. The vulnerability is fixed in version 1.0.216. Although no exploits are currently known in the wild, the ease of exploitation and potential impact make it a significant threat. European organizations running vulnerable OpenCode versions are at risk, especially those whose development environments or CI/CD pipelines integrate the tool.

AI-Powered Analysis

Last updated: 01/21/2026, 03:04:56 UTC

Technical Analysis

CVE-2026-22812 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function), CWE-749 (Exposed Dangerous Method or Function), and CWE-942 (Permissive Cross-domain Whitelist). OpenCode, an open-source AI coding assistant developed by anomalyco, automatically launches an HTTP server without requiring authentication in versions prior to 1.0.216. This server listens locally and, because of overly permissive Cross-Origin Resource Sharing (CORS) policies, can be reached not only by local processes but also by any website the user visits, enabling remote code execution. Attackers can exploit this by sending crafted HTTP requests that execute arbitrary shell commands with the privileges of the user running OpenCode. The vulnerability impacts confidentiality (exposure of sensitive data), integrity (unauthorized code execution), and availability (potential system disruption). The CVSS v3.1 score of 8.8 reflects a network attack vector, low attack complexity, and no privileges required, with user interaction required (e.g., visiting a malicious website). The vulnerability is fixed in OpenCode version 1.0.216 by introducing proper authentication and tightening CORS policies. No public exploits have been reported yet, but the risk remains high because exploitation is easy and the flaw is critical in nature.

Potential Impact

For European organizations, this vulnerability poses a significant risk, particularly for software development firms, research institutions, and enterprises integrating AI coding tools into their workflows. Exploitation could lead to unauthorized command execution, data theft, insertion of malicious code into software projects, and disruption of development environments. The breach of confidentiality and integrity could compromise intellectual property and sensitive customer data. Additionally, availability impacts could halt development pipelines, causing operational delays. Given the permissive CORS settings, even web-based attacks are feasible, increasing the attack surface. Organizations relying on OpenCode in multi-user or networked environments face elevated risks. The potential for lateral movement within internal networks also exists if attackers gain initial access via this vulnerability.

Mitigation Recommendations

Immediate upgrade to OpenCode version 1.0.216 or later is essential to remediate this vulnerability. Organizations should audit their environments to identify any instances of OpenCode running vulnerable versions. Network segmentation should be enforced to restrict access to the local HTTP server only to trusted processes or users. Implement strict firewall rules or local host-based access controls to prevent external or unauthorized internal access. Review and tighten CORS policies to limit origins that can interact with the HTTP server. Employ endpoint detection and response (EDR) tools to monitor for suspicious command execution activities. Educate users about the risks of visiting untrusted websites that could exploit this vulnerability via CORS. Finally, integrate vulnerability scanning for OpenCode versions into regular security assessments and CI/CD pipelines.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-09T22:50:10.288Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69657efdda2266e838423032

Added to database: 1/12/2026, 11:08:45 PM

Last enriched: 1/21/2026, 3:04:56 AM

Last updated: 2/7/2026, 5:17:18 AM

