CVE-2026-40515— OpenHarness Permission Bypass via grep and glob root argument
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40515
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenHarness Permission Bypass via grep and glob root argument
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenHarness 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenHarness是Data Intelligence Lab@HKU开源的一个轻量级智能体开发与运行框架。 OpenHarness存在安全漏洞,该漏洞源于权限检查器中路径规范化不完整,可能导致敏感文件读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HKUDS | OpenHarness | 0 ~ bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae | - |
II. Public POCs for CVE-2026-40515
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40515
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: OpenHarness
- CVE-2026-7551
HKUDS OpenHarness Remote Command Execution via /bridge Slash - CVE-2026-6823
HKUDS OpenHarness Insecure Default Remote Channel Allowlist - CVE-2026-6819
HKUDS OpenHarness Plugin Management Command Exposure - CVE-2026-6729
HKUDS OpenHarness Session Key Collision Privilege Escalation - CVE-2026-40516
OpenHarness SSRF via web_fetch and web_search
Same vendor: HKUDS
- CVE-2026-7551
HKUDS OpenHarness Remote Command Execution via /bridge Slash - CVE-2026-6823
HKUDS OpenHarness Insecure Default Remote Channel Allowlist - CVE-2026-6819
HKUDS OpenHarness Plugin Management Command Exposure - CVE-2026-6729
HKUDS OpenHarness Session Key Collision Privilege Escalation - CVE-2026-40516
OpenHarness SSRF via web_fetch and web_search
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2026-40515
No comments yet