CVE-2026-40516

8.3 HIGH
Published: April 17, 2026 Modified: April 24, 2026
View on NVD

Description

OpenHarness before commitย bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae
Source: disclosure@vulncheck.com
Patch
https://github.com/HKUDS/OpenHarness/pull/92
Source: disclosure@vulncheck.com
Exploit Issue Tracking
https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search
Source: disclosure@vulncheck.com
Third Party Advisory
https://github.com/HKUDS/OpenHarness/pull/92
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit Issue Tracking

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.3 / 10.0
EPSS (Exploit Probability)
0.0%
6th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-918

Affected Vendors

hkuds

Related CVEs

CVE-2026-6704 6.1
CVE-2026-6702 6.1
CVE-2026-6701 4.3
CVE-2026-6700 4.3
CVE-2026-6696 6.1