Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
7.6

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. ...

GHSA-7h8w-hj9j-8rjw CVE-2026-33718
Summary

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed un...

What to do
  • Update openhands to version 1.5.0.
Affected software
VendorProductAffected versionsFix available
– openhands <= 1.5.0 1.5.0
Original title
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. ...
Original description
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue.
ghsa CVSS3.1 7.6
Vulnerability type
CWE-78 OS Command Injection
Published: 27 Mar 2026 · Updated: 27 Mar 2026 · First seen: 25 Mar 2026