CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

🗓️ 23 Jun 2026 15:36:01Reported by VulnCheckType

CVE-2026-56695: OpenHarness enables cross-session disclosure via /resume and /summary when remote_invocable is true.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-56695	23 Jun 202615:36	–	attackerkb
CVE	CVE-2026-56695	23 Jun 202615:36	–	cve
EUVD	EUVD-2026-38467	23 Jun 202615:36	–	euvd
NVD	CVE-2026-56695	23 Jun 202616:17	–	nvd
Positive Technologies	PT-2026-51533	23 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "HKUDS",
    "product": "OpenHarness",
    "defaultStatus": "unaffected",
    "packageURL": "pkg:pypi/openharness-ai",
    "versions": [
      {
        "version": "0",
        "lessThanOrEqual": "0.1.9",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "92e298852c9b9c8c2266236292073623418c640a",
        "versionType": "git"
      }
    ],
    "repo": "https://github.com/HKUDS/OpenHarness"
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/openharness-cross-session-disclosure-via-resume-and-summary-commands
github	www.github.com/HKUDS/OpenHarness/commit/92e298852c9b9c8c2266236292073623418c640a
github	www.github.com/HKUDS/OpenHarness/pull/276

23 Jun 2026 15:36Current

CVSS 3.16.5

CVSS 47.1

CWE-862