


Perceptive Security
SOC/SIEM Consultancy

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitt…
Published: 20 April 2026 at 22:00:00
Alert date: 21 April 2026 at 22:04:46
Source: nvd.nist.gov
Identity & Access, Security Tools
HKUDS OpenHarness prior to PR #147 contains an insecure default configuration vulnerability: remote channels inherit the setting allow_from = ["*"]. This permits arbitrary remote senders to pass admission checks and bypass access controls, so attackers who can reach the configured channel can access host-backed agent runtimes. The vulnerability potentially leads to unauthorized file disclosure and read access through default-enabled read-only tools. The issue was remediated in version 0.1.7 and addressed through GitHub pull request #147.
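The following audit sketch is an added example, not code from OpenHarness or from the advisory. It shows how an inherited wildcard default exposes every remote channel that does not set its own allow list. Only the allow_from key and its ["*"] value come from the advisory; the configuration layout, the remote flag, the channel names, the sender ids and the deny-by-default alternative are assumptions and do not describe what PR #147 changes.

```python
# Added example. Hypothetical config layout: only allow_from and ["*"]
# are taken from the advisory, everything else is constructed.
INSECURE_DEFAULT = ["*"]   # default described in the advisory
SAFE_DEFAULT = []          # assumed deny-by-default alternative

def effective_allow_from(channel, default):
    """A channel without its own allow_from inherits the default."""
    value = channel.get("allow_from")
    return list(default) if value is None else list(value)

def is_admitted(sender, allow_from):
    """Admission check: a wildcard admits anyone, an empty list admits no one."""
    return "*" in allow_from or sender in allow_from

def audit(channels, default):
    """Return (name, reason) for each remote channel that any sender can reach."""
    findings = []
    for name, channel in sorted(channels.items()):
        if not channel.get("remote", False):
            continue  # local channels are out of scope for this check
        if "*" in effective_allow_from(channel, default):
            explicit = channel.get("allow_from") is not None
            source = "explicit" if explicit else "inherited default"
            findings.append((name, f"wildcard allow_from ({source})"))
    return findings

# Constructed sample configuration.
CHANNELS = {
    "local_cli": {"remote": False},
    "chat_bot": {"remote": True},                              # nothing set: inherits
    "ops_hook": {"remote": True, "allow_from": ["ops-team"]},  # pinned senders
    "legacy": {"remote": True, "allow_from": ["*"]},           # explicit wildcard
}

if __name__ == "__main__":
    for label, default in (("insecure", INSECURE_DEFAULT), ("safe", SAFE_DEFAULT)):
        print(label, "default ->", audit(CHANNELS, default))
```

Changing the default only closes channels that inherit it; a channel with an explicit wildcard is still reported and has to be corrected in its own configuration.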
Technical details
Affected products:
HKUDS OpenHarness
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-6823
https://github.com/HKUDS/OpenHarness/commit/fab40c6eabfb15f2bdf23cddd3cfe66a64ea203d
https://github.com/HKUDS/OpenHarness/pull/147
https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7
https://www.vulncheck.com/advisories/hkuds-openharness-insecure-default-remote-channel-allowlist
This article was created with the assistance of AI technology by Perceptive.
