PT-2026-33463 · Unknown · Openharness
Published: 2026-04-17 · Updated: 2026-04-19 · CVE-2026-40515
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenHarness versions prior to commit bd4df81
Description
Incomplete path normalization in the permission checker allows attackers to bypass permissions and read sensitive files. By invoking the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, an attacker can disclose sensitive local file content, key material, configuration files, or directory contents.
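The class of flaw described above, as an added illustration that is not OpenHarness code and not a reconstruction of commit bd4df81: a checker that matches the raw argument against path rules, next to one that canonicalizes first and treats a search root as denied when a recursive walk could reach a protected subtree. The rule format, the `/oh-demo` paths and all function names are assumptions made for the example.

```python
import fnmatch
import os

# Constructed deny rules (hypothetical format: glob patterns over absolute paths).
DENY_RULES = ["/oh-demo/home/dev/.ssh/*", "/oh-demo/etc/secrets/*"]

def naive_allowed(path):
    """Weak check: matches the raw argument string against each rule."""
    return not any(fnmatch.fnmatch(path, rule) for rule in DENY_RULES)

def _static_prefix(rule):
    """Directory part of a rule before its first wildcard component."""
    parts = []
    for part in rule.split("/"):
        if any(ch in part for ch in "*?["):
            break
        parts.append(part)
    return "/".join(parts) or "/"

def _within(child, parent):
    """True if child equals parent or lies beneath it (component boundary)."""
    return child == parent or child.startswith(parent.rstrip("/") + "/")

def hardened_allowed(path, recursive_root=False):
    """Canonicalize first, then evaluate rules against the resolved path.

    recursive_root=True is for directory-walking tools (grep/glob style):
    the root is refused if the walk could reach any denied subtree.
    """
    real = os.path.realpath(path)  # collapses '..', '//' and resolves symlinks
    for rule in DENY_RULES:
        protected = _static_prefix(rule)
        if fnmatch.fnmatch(real, rule) or _within(real, protected):
            return False  # target is the protected directory or inside it
        if recursive_root and _within(protected, real):
            return False  # target is an ancestor; a walk would descend into it
    return True
```
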
Recommendations
Update to commit bd4df81 or a newer version.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Openharness