Platform: nodejs
Component: opencode-ai
Fixed in: 1.1.11, 1.1.10
CVE-2026-22813 describes a critical Cross-Site Scripting (XSS) vulnerability within the OpenCode AI web UI. This flaw allows attackers to leverage the server URL override feature to inject malicious scripts, ultimately leading to remote code execution on the local system. The vulnerability impacts versions of OpenCode AI prior to 1.1.10, and a patch has been released to address the issue.
The impact of CVE-2026-22813 is severe due to the potential for remote code execution. An attacker can craft a malicious website that, when visited by a user running OpenCode AI, exploits the XSS vulnerability to override the server URL. This allows the attacker to inject JavaScript code that can then access and abuse the /pty/ API endpoints. These endpoints enable the spawning of arbitrary processes on the local machine, effectively granting the attacker complete control over the system. This is akin to a remote shell, allowing for data theft, malware installation, and further lateral movement within the network.
CVE-2026-22813 was publicly disclosed on January 13, 2026. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the potential for significant impact suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is likely to emerge given the vulnerability's nature and the availability of the /pty/ API.
Organizations utilizing OpenCode AI for local development or testing environments are particularly at risk, especially if the web UI is exposed to the internet or untrusted networks. Shared hosting environments where multiple users have access to the OpenCode instance are also vulnerable.
• nodejs / server: Monitor process execution for unexpected commands originating from the OpenCode AI process. Use ps aux | grep opencode to identify running instances and their associated commands.
• generic web: Examine access logs for requests containing suspicious URL parameters attempting to override the server URL. Look for patterns like http://malicious.com?url=....
• generic web: Check response headers for signs of XSS payloads or unexpected behavior after submitting input to the server URL override feature. Use curl -I http://localhost:4096 to inspect headers.
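As an added example that is not part of the advisory or the OpenCode project, the following Node.js script turns the two access-log checks above into code: it flags query parameters whose value is an absolute URL to a non-loopback host (the server URL override) and /pty/ requests that do not come from a loopback client and a loopback page origin. It assumes the override travels in a query parameter, a combined-log-style line with a trailing referer field, and that only loopback is trusted.

```javascript
// Added example, not code from the advisory or the OpenCode project. Scans constructed
// access-log-style lines for the two signals the advisory names: a query parameter whose
// value is an absolute URL to a non-loopback host (the server URL override) and /pty/
// requests from a non-loopback client or page origin. Assumed: only loopback is trusted.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]", "::1"]);
const isLoopbackHost = (host) => LOOPBACK.has(String(host).toLowerCase());
// Names of query parameters whose value is an http(s) URL pointing at an external host
function externalUrlParams(requestPath) {
  const flagged = [];
  let req;
  try { req = new URL(requestPath, "http://localhost:4096"); } catch { return flagged; }
  for (const [name, value] of req.searchParams) {
    let target;
    try { target = new URL(value); } catch { continue; } // not an absolute URL, ignore
    if (/^https?:$/.test(target.protocol) && !isLoopbackHost(target.hostname)) flagged.push(name);
  }
  return flagged;
}
// Constructed line shape: client - - [time] "METHOD path HTTP/x" status size "referer"
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"/;
function classifyLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, client, method, path, status, referer] = m;
  const findings = [];
  const params = externalUrlParams(path);
  if (params.length) findings.push(`override-to-external-host via ${params.join(",")}`);
  if (path.startsWith("/pty/")) {
    // /pty/ spawns processes: only a loopback client from a loopback page should reach it
    let refHost = null;
    try { refHost = new URL(referer).hostname; } catch { /* "-" or no referer */ }
    if (!isLoopbackHost(client) || (refHost !== null && !isLoopbackHost(refHost))) {
      findings.push("pty-from-untrusted-source");
    }
  }
  return { client, method, path, status: Number(status), findings };
}
// Constructed sample traffic (not real logs); hostnames use .example
const SAMPLE_LOG = [
  '127.0.0.1 - - [13/Jan/2026:10:00:00 +0000] "GET /?view=chat HTTP/1.1" 200 512 "-"',
  '127.0.0.1 - - [13/Jan/2026:10:00:05 +0000] "GET /?url=http://malicious.example/ HTTP/1.1" 200 512 "http://attacker.example/page"',
  '127.0.0.1 - - [13/Jan/2026:10:00:06 +0000] "POST /pty/ HTTP/1.1" 200 33 "http://attacker.example/page"',
  '10.0.0.7 - - [13/Jan/2026:10:00:07 +0000] "POST /pty/ HTTP/1.1" 200 33 "-"',
];
// Lines carrying at least one finding, in log order
function suspiciousLines(lines = SAMPLE_LOG) {
  return lines.map(classifyLine).filter((r) => r && r.findings.length > 0);
}
```

Feed real lines through suspiciousLines() once you have matched LINE_RE to your actual log format; a page served from a non-loopback host that legitimately calls /pty/ would need to be added to the trusted set.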
disclosure
Exploit status
EPSS: 0.05% (17th percentile)
CISA SSVC
The primary mitigation for CVE-2026-22813 is to immediately upgrade OpenCode AI to version 1.1.10 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) to filter requests containing malicious server URL overrides. Specifically, block requests containing suspicious URL parameters or patterns designed to exploit the override feature. Additionally, restrict access to the /pty/ API endpoints to trusted sources only. After upgrading, confirm the fix by attempting to access the web UI with a crafted URL designed to trigger the XSS vulnerability; it should no longer execute arbitrary commands.
Update OpenCode to version 1.1.10 or later. This version fixes the XSS vulnerability by implementing HTML sanitization and/or a Content Security Policy (CSP) to prevent execution of unwanted JavaScript.
CVE-2026-22813 is a critical XSS vulnerability in OpenCode AI that allows attackers to execute arbitrary commands on the local system through the /pty/ API endpoints.
You are affected if you are using OpenCode AI versions prior to 1.1.10 and have not yet applied the patch.
Upgrade OpenCode AI to version 1.1.10 or later. As a temporary workaround, implement a WAF rule to block suspicious URL overrides.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity makes it a likely target.
Refer to the OpenCode AI project's official website or GitHub repository for the latest security advisories and updates.