CVE-2026-40516 in OpenHarnessالمعلومات

الملخص

بحسب MITRE • 17/04/2026

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

13/04/2026

إفشاء

17/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-358087

CPE

جاهز

CWE

CWE-918 (مؤكد)

CVSS

8.3 (CNA)

EPSS

0.00034

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40516
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40516
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40516/

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!