13ernkastel

8 exploits Active since Mar 2026
CVE-2026-40515 WRITEUP HIGH WRITEUP
OpenHarness Permission Bypass via grep and glob root argument
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.
CVSS 7.5
CVE-2026-40516 WRITEUP HIGH WRITEUP
OpenHarness SSRF via web_fetch and web_search
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
CVSS 8.3
CVE-2026-22680 WRITEUP MEDIUM WRITEUP
OpenViking < 0.3.3 Missing Authorization via Task Polling
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/{task_id} routes without authentication to expose task type, task status, resource identifiers, archive URIs, result payloads, and error information, potentially causing cross-tenant interference in multi-tenant deployments.
CVSS 5.3
CVE-2026-22682 WRITEUP HIGH WRITEUP
OpenHarness Improper Access Control via File Tools
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.
CVSS 7.1
CVE-2026-34430 WRITEUP HIGH WRITEUP
ByteDance DeerFlow LocalSandboxProvider Host Bash Escape
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers can exploit the incomplete shell semantics modeling to read and modify files outside the sandbox boundary and achieve arbitrary command execution through subprocess invocation with shell interpretation enabled.
CVSS 8.8
CVE-2026-34999 WRITEUP MEDIUM WRITEUP
OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers can bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without providing valid credentials.
CVSS 5.3
CVE-2026-32859 WRITEUP MEDIUM WRITEUP
ByteDance DeerFlow Stored XSS via Inline Artifact Rendering
ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.
CVSS 5.4
CVE-2026-28518 WRITEUP HIGH WRITEUP
OpenViking <=0.2.1 - Path Traversal
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges.
CVSS 7.8