CVE-2026-7551

Name of the Vulnerable Software and Affected Versions HKUDS OpenHarness (affected versions not specified)

Description A remote code execution issue exists in the '/bridge' slash command. Remote senders accepted by the configuration can execute arbitrary operating system commands. This occurs when the '/bridge spawn' command is invoked with attacker-controlled text, which is then forwarded to the bridge session manager and executed via the shared shell subprocess helper. This allows attackers to spawn shell sessions as the OpenHarness process user, providing access to local files, credentials, workspace state, and repository contents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.