CVE-2026-40515

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-40515

Affected Products

Openharness

CVE-2026-40515

Weakness Enumeration

Related Identifiers

Affected Products

References · 5