PT-2026-2315 · Opencode · Opencode

Cybershadow · Published 2026-01-12 · Updated 2026-04-01 · CVE-2026-22812
CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenCode versions prior to 1.0.216
Description: OpenCode, an open source AI coding agent, automatically starts a local HTTP server that requires no authentication. Because the shell endpoint accepts requests from anyone and the server answers with permissive CORS headers, any local process, and any website the user visits, can execute arbitrary shell commands with the privileges of the user running OpenCode. The root cause is missing authentication for a critical function; the result is remote code execution.
The vulnerable endpoint is /session/{id}/shell, where {id} is a session identifier. A single unauthenticated POST request to this endpoint is enough to run a command.
Recommendations: Update OpenCode to version 1.0.216 or later.
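The two preconditions the description names, no authentication on the shell endpoint and wildcard CORS, modelled as an added example. This is not OpenCode's code and does not reproduce its request or body format; the request objects, header names, origin allowlist, port and token value are constructed for illustration. It puts the vulnerable request policy beside a hardened one and encodes the browser rule that makes the CORS half dangerous: a "simple" cross-origin POST is delivered to the server without a preflight, so CORS only hides the response, and it is the missing authentication that lets the command run.

```javascript
// Added example for this advisory; not OpenCode's code and not its request
// format. Models the vulnerability class: a local agent's HTTP endpoint that runs
// shell commands, reachable with no authentication and wildcard CORS, next to a
// hardened request policy. Request shapes, header names, the origin allowlist
// and the token value are constructed for illustration.

// Path shape named in the advisory: /session/{id}/shell
const SHELL_PATH = /^\/session\/[^/]+\/shell$/;

// BEFORE: accept any caller and reflect a wildcard origin. Any local process can
// POST here, and a browser will deliver a cross-origin POST from any website.
function vulnerablePolicy(req) {
  const cors = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": "*",
  };
  if (req.method === "OPTIONS") return { status: 204, headers: cors };
  if (req.method === "POST" && SHELL_PATH.test(req.path)) {
    return { status: 200, headers: cors, action: "run-shell" };
  }
  return { status: 404, headers: cors };
}

// Constant-time comparison of "Bearer <token>" against the expected secret.
function bearerMatches(authHeader, expected) {
  if (typeof authHeader !== "string" || !authHeader.startsWith("Bearer ")) return false;
  const got = authHeader.slice("Bearer ".length);
  if (got.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < got.length; i++) diff |= got.charCodeAt(i) ^ expected.charCodeAt(i);
  return diff === 0;
}

// AFTER: loopback-only clients, an explicit Origin allowlist for browser callers,
// and a per-launch bearer token that only the trusted client receives. The token
// is the real control; the CORS tightening only stops a page reading responses.
function hardenedPolicy(req, cfg) {
  if (!["127.0.0.1", "::1"].includes(req.remoteAddress)) {
    return { status: 403, headers: {}, reason: "non-loopback client" };
  }
  // Non-browser clients send no Origin; browsers always do for cross-origin calls.
  const originOk = req.origin === undefined || cfg.allowedOrigins.includes(req.origin);
  if (!originOk) return { status: 403, headers: {}, reason: "origin not allowed" };
  const cors = req.origin === undefined ? {} : { "Access-Control-Allow-Origin": req.origin, Vary: "Origin" };
  if (req.method === "OPTIONS") {
    return {
      status: 204,
      headers: { ...cors, "Access-Control-Allow-Methods": "POST, OPTIONS", "Access-Control-Allow-Headers": "Authorization, Content-Type" },
    };
  }
  if (req.method !== "POST" || !SHELL_PATH.test(req.path)) return { status: 404, headers: cors };
  if (!bearerMatches(req.headers.authorization, cfg.token)) {
    return { status: 401, headers: cors, reason: "missing or invalid bearer token" };
  }
  return { status: 200, headers: cors, action: "run-shell" };
}

// Browser rule from the CORS spec: a "simple" request (GET/HEAD/POST, only
// safelisted headers, a safelisted Content-Type) is sent WITHOUT a preflight.
// The server executes it before any CORS check; only the response is withheld.
// So permissive CORS plus no authentication lets a website trigger the shell.
const SAFELISTED_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const SAFELISTED_HEADERS = ["accept", "accept-language", "content-language", "content-type"];
function isCorsSimpleRequest(req) {
  if (!["GET", "HEAD", "POST"].includes(req.method)) return false;
  for (const [name, value] of Object.entries(req.headers)) {
    const lower = name.toLowerCase();
    if (!SAFELISTED_HEADERS.includes(lower)) return false;
    if (lower === "content-type" && !SAFELISTED_TYPES.includes(value.split(";")[0].trim().toLowerCase())) return false;
  }
  return true;
}

// Constructed sample requests (not captured traffic). The allowlisted origin and
// token are placeholders; a real launcher would generate a random token per run.
const TOKEN = "example-token-0123456789abcdef";
const cfg = { allowedOrigins: ["http://127.0.0.1:8080"], token: TOKEN };
const fromWebsite = { method: "POST", path: "/session/ses_123/shell", origin: "https://attacker.example", remoteAddress: "127.0.0.1", headers: { "content-type": "text/plain" } };
const fromLocalProcess = { method: "POST", path: "/session/ses_123/shell", remoteAddress: "127.0.0.1", headers: {} };
const fromTrustedClient = { ...fromLocalProcess, origin: "http://127.0.0.1:8080", headers: { authorization: "Bearer " + TOKEN, "content-type": "application/json" } };

for (const [label, req] of [["website", fromWebsite], ["local process", fromLocalProcess], ["trusted client", fromTrustedClient]]) {
  console.log(`${label}: before=${vulnerablePolicy(req).status} after=${hardenedPolicy(req, cfg).status} simple=${isCorsSimpleRequest(req)}`);
}
```

The order of checks in the hardened policy is deliberate: the network-level restriction and the Origin allowlist cut down who can even reach the handler, but neither is sufficient on its own, since a local process sends no Origin at all and a browser still delivers a text/plain POST without asking first. Only the bearer token, handed out-of-band to the client the agent itself launched, distinguishes the trusted caller from everything else on the machine.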

Exploit · Fix · RCE · Missing Authentication

Weakness Enumeration

Related Identifiers: BDU:2026-00783 · CVE-2026-22812 · GHSA-VXW4-WV6M-9HHH

Affected Products: Opencode