
OpenHarness allows unauthorized access to sensitive files via malicious chat commands

CVE-2026-40503
Summary

OpenHarness users with chat access can read sensitive files if an attacker tricks them into entering malicious commands. This can compromise sensitive project data. Update to a fixed version of OpenHarness to prevent this risk.

Original title
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /m...
Original description
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memory directory and access sensitive files accessible to the OpenHarness process without filesystem containment validation.
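As an added illustration of the "filesystem containment validation" the description says was missing, the check below maps a user-supplied path to a file inside the memory directory and rejects anything that resolves outside it. This is example code, not OpenHarness's own; the function names, the `.memory` directory layout and the choice of Python are assumptions.

```python
import os
import tempfile
from pathlib import Path


def resolve_memory_path(memory_dir: "str | os.PathLike", user_path: str) -> Path:
    """Map the argument of a command like `/memory show <path>` to a file inside
    memory_dir, refusing anything that would leave that directory.

    Containment is checked on the fully resolved path, so `..` segments,
    absolute paths and symlinks pointing outside the directory are all rejected.
    """
    base = Path(memory_dir).resolve()
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not allowed")
    candidate = (base / user_path).resolve()  # collapses '..' and follows symlinks
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"{user_path!r} escapes the memory directory")
    return candidate


def _rejected(memory_dir, user_path) -> bool:
    """True if resolve_memory_path refuses user_path."""
    try:
        resolve_memory_path(memory_dir, user_path)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Exercise the check against a constructed directory layout (hypothetical)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        memory = Path(root) / "project" / ".memory"   # assumed memory directory
        memory.mkdir(parents=True)
        (memory / "notes.md").write_text("project notes")
        secret = Path(root) / "secret.txt"            # a file outside the memory dir
        secret.write_text("outside the memory directory")

        results["inside_ok"] = resolve_memory_path(memory, "notes.md").read_text() == "project notes"
        results["traversal_rejected"] = _rejected(memory, "../../secret.txt")
        results["absolute_rejected"] = _rejected(memory, str(secret))
        try:
            (memory / "link").symlink_to(secret)      # symlink inside pointing outside
            results["symlink_rejected"] = _rejected(memory, "link")
        except OSError:
            results["symlink_rejected"] = None        # host does not allow symlinks
    return results
```

Comparing the resolved path against the resolved base, rather than checking the raw string for `..`, is what closes the symlink and encoded-segment variants as well as the plain traversal case.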
NVD CVSS 3.1: 6.5
NVD CVSS 4.0: 7.1
Vulnerability type
CWE-22 Path Traversal
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026