CVE-2026-22812

The repository contains a Python script designed to detect CVE-2026-22812 by checking for command execution vulnerabilities in OpenCode. It sends a crafted request to the '/session' endpoint and attempts to execute the 'id' command via the '/session/{id}/shell' endpoint.

This repository contains a comprehensive Python-based exploit for CVE-2026-22812, an unauthenticated RCE vulnerability in OpenCode versions prior to 1.0.216. The exploit includes features for interactive shell access, file operations, and system enumeration.

The repository contains TypeScript-based tooling for GitHub API interactions but lacks any exploit code or vulnerability details for CVE-2026-22812. No offensive techniques or PoC exploit logic is present.

This is a functional exploit for CVE-2026-22812 targeting OpenCode versions below 1.0.216, enabling remote command execution via session manipulation and shell command injection. The script includes session management, file read/write capabilities, and command execution functionality.

This PoC exploits an unauthenticated command injection vulnerability in a web application by sending a crafted JSON payload to a session endpoint, resulting in arbitrary command execution (e.g., `touch /tmp/grass`). The exploit iterates through available sessions to find a vulnerable one.

The repository contains a functional Python exploit for CVE-2026-22812, targeting OpenCode RCE vulnerabilities in versions prior to 1.0.216. The exploit includes session management, command execution, file read/write operations, and proxy support.

This repository provides a detailed technical analysis and remediation guidance for CVE-2026-22812 and CVE-2026-22813, which involve unauthenticated RCE and XSS-to-RCE vulnerabilities in AI coding agent platforms. It includes exposure data, sources, and an agent-executable remediation manifest.

This repository contains a Python-based exploit for CVE-2026-22812, targeting OpenCode servers. The exploit allows for remote command execution (RCE) and file reading by leveraging session creation and command injection via the `/session/{id}/shell` endpoint.

This repository provides a Nuclei template for scanning CVE-2026-22812, an unauthenticated RCE vulnerability in OpenCode. It includes Burp Suite request examples demonstrating the exploit chain.