← Zuruck zu CVEs

CVE-2026-6729

MEDIUM

6.3

Beschreibung

HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse another user's conversation state and replace or interrupt their active tasks by colliding into the same session boundary through the shared chat or thread scope.

CVE Details

CVSS v3.1 Bewertung6.3

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht4/20/2026

Zuletzt geandert4/24/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

hkuds:openharness

Schwachen (CWE)

CWE-287

Referenzen

https://github.com/HKUDS/OpenHarness/commit/3186851c479ee714a9bb9aa6cd77017db7e589e2(disclosure@vulncheck.com)

https://github.com/HKUDS/OpenHarness/pull/159(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/hkuds-openharness-session-key-collision-privilege-escalation(disclosure@vulncheck.com)

https://github.com/HKUDS/OpenHarness/pull/159(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.