HKUDS OpenHarness versions before the fix in PR #147 have an insecure default configuration vulnerability (CWE-276) where remote communication channels inherit overly permissive access controls (allow_from = ["*"]). This allows arbitrary remote senders to bypass admission checks and interact with host-backed agent runtimes. The vulnerability can lead to unauthorized disclosure of files and read access through tools enabled by default in a read-only mode. The CVSS 4.0 score is 8.3, indicating high severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed.

Attackers who can reach the vulnerable remote channels may bypass access controls and gain unauthorized read access to files on the host system via default read-only tools. This could lead to sensitive information disclosure. There are no known exploits in the wild at this time. The vulnerability affects all versions prior to the remediation in PR #147.

Patch status is not yet confirmed — no official patch or remediation level has been provided. Users should monitor the vendor's advisory for updates and apply the remediation from PR #147 once available. Until then, restricting network access to the affected channels and disabling or restricting default-enabled read-only tools may reduce exposure.