CVE-2026-40503
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk34th percentile - higher than 34% of all known CVEs
Summary
A path traversal vulnerability in OpenHarness prior to commit dd1d235 allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can bypass the project memory directory validation and access sensitive files accessible to the OpenHarness process.
Risk Assessment
The risk involves potential leakage of confidential data such as configurations, passwords, or user data stored on the server filesystem, which could lead to organizational security breaches.
Recommendation
Immediately update OpenHarness to a version containing commit dd1d235 or later, and restrict access to the /memory show command to trusted users only.
Original NVD description (English source)
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memory directory and access sensitive files accessible to the OpenHarness process without filesystem containment validation.

