CVE-2026-56695

OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and file paths via shared gateway channels.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/HKUDS/OpenHarness/commit/92e298852c9b9c8c2266236292073623418c640a
https://github.com/HKUDS/OpenHarness/pull/276
https://www.vulncheck.com/advisories/openharness-cross-session-disclosure-via-resume-and-summary-commands
https://github.com/HKUDS/OpenHarness/pull/276

Configurations

No configuration.

History

24 Jun 2026, 15:16

Type	Values Removed	Values Added
References	~~() https://github.com/HKUDS/OpenHarness/pull/276 -~~	() https://github.com/HKUDS/OpenHarness/pull/276 -

23 Jun 2026, 16:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-23 16:17

Updated : 2026-06-24 15:16

NVD link : CVE-2026-56695

Mitre link : CVE-2026-56695

CVE.ORG link : CVE-2026-56695

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2026-56695", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-56695", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-24T13:53:56.767403Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"repo": "https://github.com/HKUDS/OpenHarness", "vendor": "HKUDS", "product": "OpenHarness", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.1.9"}, {"status": "unaffected", "version": "92e298852c9b9c8c2266236292073623418c640a", "versionType": "git"}], "packageURL": "pkg:pypi/openharness-ai", "defaultStatus": "unaffected"}]}], "published": "2026-06-23T16:17:06.170", "references": [{"url": "https://github.com/HKUDS/OpenHarness/commit/92e298852c9b9c8c2266236292073623418c640a", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/HKUDS/OpenHarness/pull/276", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/openharness-cross-session-disclosure-via-resume-and-summary-commands", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/HKUDS/OpenHarness/pull/276", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and file paths via shared gateway channels."}], "lastModified": "2026-06-24T15:16:42.977", "sourceIdentifier": "disclosure@vulncheck.com"}