Platform: python
Component: openhands
Fixed in: 1.5.1, 1.5.0
CVE-2026-33718 describes a Command Injection vulnerability discovered in OpenHands, AI-driven development software. This flaw allows authenticated attackers to execute arbitrary commands within the agent sandbox, bypassing standard command execution channels. The vulnerability impacts versions of OpenHands up to 1.4.1, and a fix is available in version 1.5.0.
The impact of this vulnerability is significant. An attacker, already authenticated within the OpenHands environment, can leverage the /api/conversations/{conversation_id}/git/diff endpoint to inject malicious commands. These commands are then executed within the agent's sandbox, potentially granting the attacker control over the development environment. This could lead to data exfiltration, modification of code, or even complete system compromise. The ability to bypass normal command execution channels amplifies the risk, as it circumvents existing security controls designed to limit agent capabilities. The blast radius extends to any sensitive data or code managed within the OpenHands environment.
CVE-2026-33718 was publicly disclosed on March 25, 2026. Its severity is rated HIGH (CVSS 7.6). Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing. Given the nature of Command Injection vulnerabilities, it is reasonable to expect that public exploits may emerge over time.
EPSS: 0.30% (54th percentile)
The primary mitigation for CVE-2026-33718 is to upgrade OpenHands to version 1.5.0 or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/conversations/{conversation_id}/git/diff endpoint to only authorized users and services. Implement strict input validation on the path parameter to sanitize any potentially malicious characters. Consider using a Web Application Firewall (WAF) to filter out suspicious requests targeting this endpoint. Monitor system logs for unusual command execution activity originating from the OpenHands agent sandbox.
Update OpenHands to version 1.5.0 or higher. This version corrects the command injection vulnerability in Git diff handling.
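The input-validation workaround described above, shown as an added example (not OpenHands code and not the project's actual fix): it confines a client-supplied `path` to the workspace and passes it to git as a single argv element after `--`, with no shell involved. The handler shape, function names and sample paths are assumptions made for illustration.

```python
import os
import subprocess
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a client-supplied path must not reach git."""


def validate_diff_path(workspace: str, user_path: str) -> str:
    """Return user_path as a workspace-relative path, or raise UnsafePathError."""
    if not user_path or any(c in user_path for c in "\x00\r\n"):
        raise UnsafePathError("empty path or control characters")
    root = Path(workspace).resolve()
    # Joining with an absolute user_path discards root, so the containment
    # check below rejects absolute paths as well as ".." traversal.
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise UnsafePathError("path escapes the workspace")
    return os.path.relpath(candidate, root)


def build_diff_argv(workspace: str, user_path: str) -> list[str]:
    """Build the git command as an argument vector; nothing is shell-parsed."""
    rel = validate_diff_path(workspace, user_path)
    root = str(Path(workspace).resolve())
    # "--" ends option parsing, so a name such as "--output=x" is a pathspec,
    # and shell metacharacters in rel stay inside one inert argv element.
    return ["git", "-C", root, "diff", "--no-ext-diff", "--", rel]


def run_diff(workspace: str, user_path: str, timeout: int = 10) -> str:
    """Run the diff without a shell and return its stdout."""
    proc = subprocess.run(
        build_diff_argv(workspace, user_path),
        shell=False,           # never hand a formatted string to /bin/sh
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
    )
    return proc.stdout
```

This is a stopgap for deployments that cannot upgrade yet; it does not replace moving to the fixed release.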
CVE-2026-33718 is a Command Injection vulnerability affecting OpenHands versions up to 1.4.1. It allows authenticated attackers to execute arbitrary commands within the agent sandbox via a specific API endpoint.
You are affected if you are using OpenHands version 1.4.1 or earlier. Verify your version and upgrade as soon as possible.
Upgrade OpenHands to version 1.5.0 or later. As a temporary workaround, restrict access to the vulnerable API endpoint and implement input validation.
As of now, there are no confirmed reports of active exploitation. However, given the nature of Command Injection vulnerabilities, exploitation is possible.
Refer to the OpenHands official security advisory for detailed information and updates.