8 matches found
CVE-2026-40503
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
CVE-2026-40503
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
CVE-2026-40503
OpenHarness CVE-2026-40503 affects releases prior to commit dd1d235. The issue is a path traversal vulnerability in the /memory show command that lets remote gateway users with chat access read arbitrary files outside the project memory directory, bypassing filesystem containment validation. CVSS...
EUVD-2026-23143
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
CVE-2026-40503 OpenHarness Path Traversal Information Disclosure via /memory show
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
CVE-2026-40503 OpenHarness Path Traversal Information Disclosure via /memory show
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
PT-2026-33196
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
OpenHarness 安全漏洞
OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU. Previous versions of OpenHarness had security vulnerabilities. These vulnerabilities stemmed from the /memory show command not performing file system validation on path input parameters, allowing remote...