Platform
python
Component
openharness
Fixed in
bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae
CVE-2026-40516 describes a server-side request forgery (SSRF) vulnerability in OpenHarness. The target address passed as a parameter to the web_fetch and web_search tools was not validated, so whoever controls those parameters can make the agent request arbitrary internal resources. All OpenHarness builds prior to commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae are affected; that commit contains the fix.
Because the requests are issued by the OpenHarness agent itself, they originate from the agent's host and reach any private HTTP service that host can reach: local development services, cloud metadata endpoints (which may hand out credentials), admin panels, and other services that are only protected by being unreachable from outside. The attacker gets to read the response bodies, which makes data exfiltration and credential theft the primary impact; privilege escalation or further compromise follows where a reached service trusts local callers or is itself vulnerable. Note that the attacker does not need direct access to the agent's host, only influence over the URL the tool is asked to fetch.
CVE-2026-40516 was publicly disclosed on 2026-04-17. It is not listed in the CISA KEV catalog, and no public proof-of-concept exploit is known at the time of writing; the EPSS score is 0.05% (14th percentile). SSRF in a URL-fetching tool is straightforward to reproduce once the parameter path is known, so a proof of concept may well appear.
Organizations deploying OpenHarness in environments with sensitive internal services, particularly those utilizing cloud metadata endpoints or local development services, are at increased risk. Shared hosting environments where OpenHarness agents have broad network access are also particularly vulnerable.
• python / server:

    import requests

    # Reachability check: run this ON the host where the OpenHarness agent runs.
    # It does not go through OpenHarness; it only shows which internal services
    # a successful SSRF via web_fetch/web_search would be able to reach from here.
    def check_ssrf(url):
        try:
            response = requests.get(url, timeout=5)
            print(f"[+] URL {url} accessible. Status code: {response.status_code}")
            return True
        except requests.exceptions.RequestException as e:
            print(f"[-] URL {url} not accessible: {e}")
            return False

    # Example usage (replace with the internal service URLs relevant to your environment)
    internal_urls = [
        "http://localhost:8080/admin",
        "http://169.254.169.254/latest/meta-data/",  # cloud metadata endpoint
        "http://127.0.0.1:5000/api/v1/users",
    ]
    for url in internal_urls:
        check_ssrf(url)

• linux / server:

    journalctl -u openharness -f | grep -i "web_fetch"   # Monitor for web_fetch calls

• generic web:

    curl -I http://<openharness_host>/api/v1/tools/web_fetch   # Check endpoint exposure

Disclosure
Exploit status
EPSS: 0.05% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-40516 is to upgrade OpenHarness to a build that includes commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae. If an immediate upgrade is not feasible, restrict the agent's network reach to the resources it actually needs: an egress firewall rule or a forward proxy that denies connections to RFC 1918, loopback, and link-local ranges (169.254.0.0/16 includes the cloud metadata endpoint) from the agent's host. A WAF placed in front of OpenHarness does not help here, because the dangerous requests are outbound from the agent, not inbound to it. If you patch the tools yourself, validate the target after DNS resolution rather than by string matching on the hostname, reject every non-public address a name resolves to, and re-validate the target of each redirect. After upgrading, confirm the fix by invoking web_fetch and web_search with URLs that point at internal services, including hostnames that resolve to private addresses and a public URL that redirects to one, and verify that each request is refused.
Update OpenHarness to a version that contains fix bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae. This fix validates the target addresses in the web_fetch and web_search tools, which prevents unauthorized access to internal services.
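As an added example for the mitigation above (this is illustrative code written for this page, not OpenHarness's own fix; the names validate_fetch_target, safe_fetch, classify and the FAKE_DNS table are hypothetical and the URL list is constructed), here is the shape of the check a web_fetch-style tool needs: resolve the host, reject any non-public address, and re-check every redirect target.

```python
# SSRF guard for an agent web-fetch tool. Added example, not OpenHarness code;
# validate_fetch_target, safe_fetch, classify and FAKE_DNS are hypothetical names.
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class SSRFBlocked(ValueError):
    """Raised when a URL would reach a non-public address."""


def is_public_ip(ip: str) -> bool:
    """True only for globally routable addresses. .is_global is False for loopback,
    RFC 1918, link-local (169.254.169.254), CGNAT 100.64/10, IPv6 ULA and other
    reserved ranges; IPv4-mapped IPv6 (::ffff:10.0.0.1) is judged by the inner IPv4."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global


def resolve(host: str) -> list[str]:
    """System resolver; a name that does not resolve is denied."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise SSRFBlocked(f"cannot resolve {host!r}: {exc}") from exc
    return sorted({info[4][0] for info in infos})


def validate_fetch_target(url: str, resolver=resolve) -> list[str]:
    """Return the addresses the URL leads to, or raise SSRFBlocked. Every address
    must be public, so a name with one public and one private record is rejected."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise SSRFBlocked("missing host")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("userinfo not allowed")  # http://trusted@169.254.169.254/
    try:
        ips = [str(ipaddress.ip_address(host))]  # plain IP literal
    except ValueError:
        ips = resolver(host)  # names, and odd forms such as "127.1" or "2130706433"
    bad = [ip for ip in ips if not is_public_ip(ip)]
    if bad:
        raise SSRFBlocked(f"{host!r} maps to non-public address(es) {bad}")
    return ips


class _RevalidatingRedirects(urllib.request.HTTPRedirectHandler):
    """Re-check every Location target: a public site must not be able to 302 the
    agent to http://169.254.169.254/ or http://127.0.0.1:5000/."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        validate_fetch_target(newurl)  # urllib passes an absolute URL here
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def safe_fetch(url: str, timeout: float = 10, max_bytes: int = 1_000_000) -> bytes:
    """Fetch through the guard (real network call; not used by the offline demo)."""
    validate_fetch_target(url)
    opener = urllib.request.build_opener(_RevalidatingRedirects)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read(max_bytes)


# Constructed resolver table so the demo runs offline (not real DNS data).
FAKE_DNS = {"example.com": ["93.184.216.34"], "localhost": ["127.0.0.1", "::1"],
            "metadata.internal": ["169.254.169.254"],
            "rebind.test": ["93.184.216.34", "10.0.0.5"]}


def fake_resolve(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise SSRFBlocked(f"cannot resolve {host!r}")
    return FAKE_DNS[host]


def classify(urls, resolver=fake_resolve) -> dict[str, str]:
    """Map each URL to 'allowed' or 'blocked: <reason>'."""
    verdicts = {}
    for url in urls:
        try:
            validate_fetch_target(url, resolver)
            verdicts[url] = "allowed"
        except SSRFBlocked as exc:
            verdicts[url] = f"blocked: {exc}"
    return verdicts


if __name__ == "__main__":
    for url, verdict in classify(["https://example.com/", "http://[::1]:8080/admin",
                                  "http://rebind.test/", "file:///etc/passwd"]).items():
        print(f"{url:35} {verdict}")
```

The one gap this leaves is DNS rebinding between the check and the connect: urllib resolves the name again when it opens the socket, so a name that answered with a public address during validation can answer with 127.0.0.1 a moment later. Closing that gap means connecting to the validated IP and sending the original Host header and SNI, which urllib does not do natively; an egress proxy that applies the same address policy at connect time is the usual answer.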
CVE-2026-40516 is a server-side request forgery vulnerability in OpenHarness that allows attackers to reach private HTTP services by manipulating the target parameters of the web_fetch and web_search tools.
You are affected if you run any OpenHarness build prior to commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae.
Upgrade OpenHarness to a build that contains commit bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae. Until then, validate tool target addresses after resolution and restrict the agent's egress to non-private ranges as temporary mitigations.
As of the current disclosure date, there is no indication of active exploitation.
Refer to the OpenHarness project's official security advisories and release notes for the most up-to-date information.