Platform: nodejs
Component: opencode-ai
Fixed in: 1.1.11, 1.1.10
CVE-2026-22813 describes a critical cross-site scripting (XSS) vulnerability in the OpenCode AI web UI. The flaw lets a malicious website abuse the server URL override feature, ultimately enabling arbitrary command execution on the local system. The vulnerability affects OpenCode AI versions prior to 1.1.10, and a patch has been released to address the issue.
The primary impact of CVE-2026-22813 stems from the ability to achieve remote code execution (RCE) on the host system. An attacker can craft a malicious website that exploits the XSS vulnerability to override the server URL. This manipulated URL can then be used to trigger the /pty/ endpoints within the OpenCode API, which are designed to spawn arbitrary processes. Successful exploitation grants the attacker the ability to execute commands with the privileges of the OpenCode process, potentially leading to complete system compromise, data exfiltration, or further lateral movement within the network. This vulnerability shares similarities with other XSS-to-RCE chains where user input is improperly sanitized and used to construct commands.
CVE-2026-22813 was publicly disclosed on 2026-01-13. While no active exploitation campaigns have been publicly confirmed, the vulnerability's critical severity and the potential for RCE make it a high-priority target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation.
Exploit Status
EPSS: 0.05% (17th percentile)
CISA SSVC
The primary mitigation for CVE-2026-22813 is to upgrade OpenCode AI to version 1.1.10 or later immediately; this version includes a fix for the underlying XSS vulnerability. If upgrading is not immediately feasible, consider a Web Application Firewall (WAF) rule that blocks requests containing suspicious URL overrides. Additionally, restrict access to the /pty/ endpoints to trusted sources only. Regularly review and audit the OpenCode configuration to ensure that the server URL override feature is not exposed to untrusted input. After upgrading, confirm the fix by attempting to trigger the server URL override feature and verifying that command execution is prevented.
Update OpenCode to version 1.1.10 or higher. This version fixes the XSS vulnerability by implementing HTML sanitization and/or a Content Security Policy (CSP) to prevent unwanted JavaScript execution.
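To support the "restrict /pty/ to trusted sources" advice above, the following Node.js script (an added example, not code from the OpenCode project) audits access-log entries and flags any request to a /pty/ path that did not come from the loopback interface with an Origin header matching the local UI. The log line layout and the UI origin http://localhost:4096 are assumptions for the constructed sample; adjust both to your deployment.

```javascript
// Added example (not OpenCode's own code): flag access-log entries that reach the
// process-spawning /pty/ endpoints from anywhere other than the local web UI.
// Assumed log layout:  <client-ip> "<METHOD> <path> HTTP/x.y" <status> "<Origin or ->"
const LOCAL_ORIGINS = new Set(["http://localhost:4096", "http://127.0.0.1:4096"]); // assumed UI origin

const LINE_RE = /^(\S+) "(\S+) (\S+) HTTP\/[\d.]+" (\d{3}) "([^"]*)"$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // unrecognised layout: skip rather than guess
  return { ip: m[1], method: m[2], path: m[3], status: Number(m[4]), origin: m[5] === "-" ? null : m[5] };
}

function isLoopback(ip) {
  return ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1";
}

// Returns a reason string when the entry is an untrusted /pty/ call, otherwise null.
function classifyPtyRequest(entry, allowedOrigins = LOCAL_ORIGINS) {
  if (!entry.path.startsWith("/pty/")) return null;          // only the /pty/ endpoints matter here
  if (!isLoopback(entry.ip)) return "non-loopback source";    // /pty/ should never be reached remotely
  if (entry.origin === null) return "missing Origin header";  // browser-initiated calls carry Origin
  let origin;
  try { origin = new URL(entry.origin).origin; } catch { return "unparseable Origin"; }
  if (!allowedOrigins.has(origin)) return `foreign Origin ${origin}`;
  return null;
}

function auditLog(lines, allowedOrigins = LOCAL_ORIGINS) {
  const findings = [];
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry) continue;
    const reason = classifyPtyRequest(entry, allowedOrigins);
    if (reason) findings.push({ ip: entry.ip, path: entry.path, reason });
  }
  return findings;
}

// Constructed sample log (not real traffic): one benign UI call, one benign /pty/
// call, one /pty/ call with a foreign Origin, one /pty/ call from another host.
const SAMPLE_LOG = [
  `127.0.0.1 "GET /session HTTP/1.1" 200 "http://localhost:4096"`,
  `127.0.0.1 "POST /pty/ HTTP/1.1" 200 "http://localhost:4096"`,
  `127.0.0.1 "POST /pty/ HTTP/1.1" 200 "http://evil.example"`,
  `10.0.0.7 "POST /pty/abc/connect HTTP/1.1" 101 "-"`,
];

console.log(auditLog(SAMPLE_LOG)); // two findings: foreign Origin, non-loopback source
```

Feed the script your own access log (one entry per line in the assumed layout) and treat any finding as a signal to verify the OpenCode version and the exposure of the /pty/ endpoints.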
CVE-2026-22813 is a critical XSS vulnerability in OpenCode AI that allows attackers to execute arbitrary commands on the local system through the /pty/ API endpoints.
You are affected if you are using OpenCode AI versions prior to 1.1.10 and have not yet applied the patch.
Upgrade OpenCode AI to version 1.1.10 or later. As a temporary workaround, implement a WAF rule to block suspicious URL overrides.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity makes it a likely target.
Refer to the OpenCode AI project's official website or GitHub repository for the latest security advisories and updates.