CVE-2026-56696

Summary

OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which are subsequently injected into runtime system prompts, persistently influencing local agent behavior.

Affected Software

VendorProductVersion RangeStatus
HKUDSOpenHarness0 <= 0.1.9affected
HKUDSOpenHarness27bb93b810e9ea8fa4832eab7152eeb3b4a6bffbunaffected

Weaknesses

  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References