PT-2026-34183 · Hkuds · Openharness

Tjb-Tech · Published 2026-04-21 · Updated 2026-04-26 · CVE-2026-6823

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OpenHarness versions prior to PR #147

Description: An insecure default configuration exists where remote channels inherit allow from = ["*"], which allows arbitrary remote senders to pass admission checks. Attackers capable of reaching the configured channel can bypass access controls to reach host-backed agent runtimes. This may result in unauthorized file disclosure and read access via default-enabled read-only tools.

Recommendations: Apply the remediation provided in PR #147.

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2026-6823

Affected Products: Openharness