Remote Code Execution Vulnerability in HKUDS OpenHarness
CVE-2026-7551

8.7HIGH

Key Information:

Vendor: Hkuds
Status: Openharness
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-7551?

HKUDS OpenHarness possesses a vulnerability in its /bridge command, enabling remote attackers to execute arbitrary operating system commands. By issuing the /bridge spawn command with specially crafted command text, unauthorized users can gain control over the bridge session manager. This allows them to spawn shell sessions as the OpenHarness process user, potentially exposing local files, user credentials, workspace states, and repository contents. Mitigation measures should be implemented to ensure the integrity and confidentiality of the system.

Affected Version(s)

OpenHarness 0 < 438e373

References

https://github.com/HKUDS/OpenHarness/pull/208

https://github.com/HKUDS/OpenHarness/commit/438e37309778e...

patch

https://www.vulncheck.com/advisories/hkuds-openharness-re...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

Chia Min Jun Lennon

CVE-2026-7551 Data

JSON

Hkuds

What is CVE-2026-7551?

Affected Version(s)

References

CVSS V4

Timeline

Credit