PT-2026-51533 · Hkuds · Openharness
Chia Min Jun Lennon · Published 2026-06-23 · Updated 2026-06-23
CVE-2026-56695
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
In the OpenHarness ohmo gateway, the /resume and /summary slash commands have remote invocable set to True by default, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers on shared gateway channels can exploit this to access victim snapshots containing private prompts, credentials, tool output, and file paths.
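The following is an added example, not OpenHarness code and not the project's fix: a hypothetical gateway model showing the two checks whose absence matches the weakness described above, default-deny remote invocation and a per-snapshot owner check. Every class, function, field name, and sample value is an assumption constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Command:                      # hypothetical registry entry
    name: str
    remote_invocable: bool = False  # default-deny; the advisory describes a default of True

@dataclass(frozen=True)
class Snapshot:                     # hypothetical stored session
    session_id: str
    owner: str
    content: str

DENIED_LOCAL_ONLY = ("denied", "command is local-only")
DENIED_NO_SESSION = ("denied", "no such session")

class Gateway:
    def __init__(self, commands, snapshots):
        self._commands = {c.name: c for c in commands}
        self._snapshots = {s.session_id: s for s in snapshots}

    def handle(self, sender, is_remote, command, session_id):
        cmd = self._commands.get(command)
        if cmd is None:
            return ("error", "unknown command")
        # Check 1: a remote sender may only run commands that were explicitly opted in.
        if is_remote and not cmd.remote_invocable:
            return DENIED_LOCAL_ONLY
        snap = self._snapshots.get(session_id)
        # Check 2: object-level authorization on the snapshot itself. A missing ID and
        # someone else's ID get the same reply, so replies do not confirm which IDs exist.
        if snap is None or snap.owner != sender:
            return DENIED_NO_SESSION
        return ("ok", snap.content)

def demo_gateway(remote_ok=False):
    """Build a gateway over constructed sample data (not real sessions)."""
    commands = [Command("/resume", remote_ok), Command("/summary", remote_ok)]
    snapshots = [Snapshot("s-alice-1", "alice", "constructed snapshot text")]
    return Gateway(commands, snapshots)

if __name__ == "__main__":
    gw = demo_gateway(remote_ok=True)
    print(gw.handle("bob", True, "/resume", "s-alice-1"))    # another user's snapshot
    print(gw.handle("alice", True, "/resume", "s-alice-1"))  # the owner's own snapshot
```

Even with the commands opted in for remote use, the owner check keeps one admitted sender from loading another sender's snapshot.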
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Openharness