Markdown Injection Vulnerability in OpenHarness by HKUDS
CVE-2026-56696
5.3MEDIUM
What is CVE-2026-56696?
A vulnerability in OpenHarness allows attackers to exploit the issue and pr_comments slash commands by bypassing the remote_invocable=False restriction. This permits the injection of malicious Markdown content into critical project context files, including .openharness/issue.md and .openharness/pr_comments.md. Once injected, this malicious content can influence the behavior of local agents during runtime, posing a significant risk to project integrity and security.
Affected Version(s)
OpenHarness 0 <= 0.1.9
OpenHarness 27bb93b810e9ea8fa4832eab7152eeb3b4a6bffb
