CVE-2026-7551
Severity: HIGH
HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
Title source: cna
Description
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to the bridge session manager and executed through the shared shell subprocess helper, allowing them to spawn shell sessions as the OpenHarness process user and access local files, credentials, workspace state, and repository contents.
Scores
CVSS v3: 8.8
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.0022
EPSS Percentile: 44.8%
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1): HKUDS/OpenHarness < 438e373
Published: Apr 30, 2026
Tracked Since: May 01, 2026