HKUDS — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting HKUDS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HKUDS is a software platform primarily used for enterprise content management and document processing workflows. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 14 recorded CVEs. The platform's complex architecture and extensive integration capabilities have contributed to persistent security challenges, with several critical vulnerabilities allowing unauthorized system access and data exfiltration. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its web interface and API components remains a significant concern for organizations relying on this system for sensitive document handling.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-7551 | HKUDS OpenHarness Remote Command Execution via /bridge Slash Command | OpenHarness | CWE-78 | 8.8 | High | 2026-04-30 |
| CVE-2026-6823 | HKUDS OpenHarness Insecure Default Remote Channel Allowlist | OpenHarness | CWE-276 | 8.2 | High | 2026-04-21 |
| CVE-2026-6819 | HKUDS OpenHarness Plugin Management Command Exposure | OpenHarness | CWE-276 | 8.8 | High | 2026-04-21 |
| CVE-2026-6729 | HKUDS OpenHarness Session Key Collision Privilege Escalation | OpenHarness | CWE-287 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-40516 | OpenHarness SSRF via web_fetch and web_search | OpenHarness | CWE-918 | 8.3 | High | 2026-04-17 |
| CVE-2026-40515 | OpenHarness Permission Bypass via grep and glob root argument | OpenHarness | CWE-863 | 7.5 | High | 2026-04-17 |
| CVE-2026-40502 | OpenHarness Remote Administrative Command Injection via Gateway Handler | OpenHarness | CWE-862 | 8.8 | High | 2026-04-16 |
| CVE-2026-40503 | OpenHarness Path Traversal Information Disclosure via /memory show | OpenHarness | CWE-22 | 6.5 | Medium | 2026-04-16 |
| CVE-2026-35589 | nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update) | nanobot | CWE-1385 | 8.0 | High | 2026-04-14 |
| CVE-2026-39413 | LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API | LightRAG | CWE-347 | 4.2 | Medium | 2026-04-08 |
| CVE-2026-22682 | OpenHarness Improper Access Control via File Tools | OpenHarness | CWE-863 | 7.1 | High | 2026-04-07 |
| CVE-2026-33654 | Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling | nanobot | CWE-94 | 10.0 | - | 2026-03-27 |
| CVE-2026-2577 | Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge | nanobot | CWE-306 | 10.0 | Critical | 2026-02-16 |
| CVE-2025-6773 | HKUDS LightRAG File Upload document_routes.py upload_to_input_dir path traversal | LightRAG | CWE-22 | 5.3 | Medium | 2025-06-27 |

This page lists every published CVE security advisory associated with HKUDS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.