CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae
https://github.com/HKUDS/OpenHarness/pull/92
https://www.vulncheck.com/advisories/openharness-permission-bypass-via-grep-and-glob-root-argument

Products affected by CVE-2026-40515

Hkuds » Openharness » Version: Any

cpe:2.3:a:hkuds:openharness:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40515

Products

Pricing

Contact Us