216.73.217.47

CVE-2026-6823

· Published 21/04/2026 21:16 · Modified 22/04/2026 21:23

Labels: CVE-2026-6823 2026-04-21CVE-2026-6823CWE-276[email protected]

Essential information

Published
21/04/2026 21:16
Modified
22/04/2026 21:23
Author
Creator
CVSS
8.3 HIGH (v3) 8.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hkuds / openharness cpe:2.3:a:hkuds:openharness:*:*:*:*:*:*:*:*

References