Remote Command Vulnerability in OpenHarness Ohmo Gateway
CVE-2026-56695
7.1HIGH
What is CVE-2026-56695?
The OpenHarness Ohmo Gateway has a security flaw within its /resume and /summary commands. These commands have a default setting that permits remote invocation, allowing authorized external users to access and manipulate arbitrary session snapshots by their IDs. This flaw can be leveraged by attackers to enumerate sensitive data, including private prompts, user credentials, tool outputs, and file paths. The exposure of this private data through shared gateway channels represents a significant risk. Remediation efforts are recommended to patch this vulnerability to secure user information.
Affected Version(s)
OpenHarness 0 <= 0.1.9
OpenHarness 92e298852c9b9c8c2266236292073623418c640a
