PT-2026-33856 · Hkuds · Openharness
Published: 2026-04-20 · Updated: 2026-04-21 · CVE-2026-6729
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
HKUDS OpenHarness versions prior to PR #159
Description
A session key derivation issue allows authenticated participants in shared chats or threads to hijack other users' sessions. This occurs because the shared ohmo session key lacks sender identity verification, enabling attackers to reuse another user's conversation state and replace or interrupt active tasks by colliding into the same session boundary through the shared chat or thread scope.
Recommendations
Update to the version containing the PR #159 remediation.
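The weakness described above, shown as an added example that is not OpenHarness code and does not reflect how ohmo or PR #159 derive keys: the message fields, `SessionStore` and both key functions are hypothetical. It replays two constructed messages from different senders in one shared thread, first with a key built from the chat/thread scope only, then with the sender identity bound into the key.

```python
import hashlib

def encode_fields(*fields):
    # Length-prefix every field so ("a:b", "c") and ("a", "b:c") cannot collide.
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)

def scope_only_key(msg):
    # Flawed pattern: every participant of the chat/thread maps to one session.
    return hashlib.sha256(encode_fields(msg["chat"], msg["thread"])).hexdigest()

def sender_bound_key(msg):
    # Hardened pattern: the sender id is part of the session boundary. It must
    # come from the platform's authenticated event metadata, never message text.
    return hashlib.sha256(
        encode_fields(msg["chat"], msg["thread"], msg["sender"])).hexdigest()

class SessionStore:
    """Hypothetical per-session state: who touched it and the active task."""
    def __init__(self, key_fn):
        self.key_fn, self.sessions = key_fn, {}

    def handle(self, msg):
        state = self.sessions.setdefault(
            self.key_fn(msg), {"senders": set(), "task": None})
        state["senders"].add(msg["sender"])
        state["task"] = (msg["sender"], msg["text"])  # new request replaces active task
        return state

# Constructed sample events: two users posting in the same shared thread.
EVENTS = [
    {"chat": "C1", "thread": "T9", "sender": "alice", "text": "summarise report"},
    {"chat": "C1", "thread": "T9", "sender": "mallory", "text": "stop"},
]

def replay(key_fn, events=EVENTS):
    store = SessionStore(key_fn)
    for event in events:
        store.handle(event)
    return store

def shared_sessions(store):
    # Detection check: sessions whose state was touched by more than one sender.
    return [k for k, s in store.sessions.items() if len(s["senders"]) > 1]

if __name__ == "__main__":
    for fn in (scope_only_key, sender_bound_key):
        store = replay(fn)
        print(fn.__name__, "sessions:", len(store.sessions),
              "shared:", len(shared_sessions(store)))
```

The `shared_sessions` check can also be run over an existing session store as a regression test that no session state is reachable from more than one sender.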
Weakness Enumeration
Improper Authentication
Affected Products
Openharness