Lucene search
K

5 matches found

NVD
NVD
added 2026/06/23 4:17 p.m.14 views

CVE-2026-56695

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:36 p.m.8 views

EUVD-2026-38469

OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....

5.4CVSS6AI score0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:36 p.m.8 views

EUVD-2026-38467

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 3:36 p.m.37 views

CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 3:36 p.m.20 views

CVE-2026-56695

OpenHarness ohmo gateway exposed by default to remote invocation via /resume and /summary, enabling attackers to enumerate and load arbitrary session snapshots by ID. This can grant access to private prompts, credentials, tool output, and file paths through shared gateway channels. Documented imp...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
Rows per page
Query Builder