CVE-2026-6823
Published: 21 April 2026
Description
HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools.
Mitigating Controls (NIST 800-53 r5) [AI]
Requires secure configuration settings for remote channels to prevent inheritance of permissive defaults like allow_from=["*"] that bypass admission controls.
Limits system to essential capabilities only, mitigating overly permissive remote channel configurations enabling arbitrary sender access.
Enforces least privilege on access controls, countering default allowance of unauthorized remote senders to host agent runtimes.
Security Summary [AI]
CVE-2026-6823 is an insecure default configuration vulnerability (CWE-276) affecting HKUDS OpenHarness versions prior to the remediation in Pull Request #147. In these versions, remote channels inherit a default allow_from = ["*"] setting, which permits arbitrary remote senders to bypass admission checks. This flaw has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low complexity and no required privileges.
Attackers who can reach the configured remote channel over the network can exploit this vulnerability to bypass access controls and interact with host-backed agent runtimes. Successful exploitation enables unauthorized file disclosure and read access through default-enabled read-only tools, potentially exposing sensitive data on the host system.
Mitigation is available via Pull Request #147, which addresses the insecure default by remediating the allow_from configuration inheritance. Users should update to OpenHarness release v0.1.7 or apply the fix from commit fab40c6eabfb15f2bdf23cddd3cfe66a64ea203d. Additional details are provided in the VulnCheck advisory.
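The following audit sketch is an added example, not code from OpenHarness or from PR #147. It shows how a remote channel that omits allow_from ends up with the wildcard through inheritance, and how a fail-closed default changes the result. The config layout, the `remote` key, the channel names and all function names are hypothetical; only `allow_from` and `["*"]` come from the advisory.

```python
# Added illustration. The dict layout, the "remote" key and the channel
# names are hypothetical; they are not OpenHarness's real schema.
WILDCARD = "*"

def effective_allow_from(channel: dict, inherited_default: list) -> list:
    """Resolve the sender allowlist a channel actually enforces."""
    # A channel that omits allow_from silently takes the inherited default.
    return list(channel.get("allow_from", inherited_default))

def admits(sender: str, allowlist: list) -> bool:
    """Admission check: a wildcard entry admits every sender."""
    return WILDCARD in allowlist or sender in allowlist

def audit(channels: dict, inherited_default: list) -> list:
    """Return (channel, source) for each remote channel open to any sender."""
    findings = []
    for name, channel in channels.items():
        if not channel.get("remote", False):
            continue  # only remotely reachable channels are in scope
        if WILDCARD in effective_allow_from(channel, inherited_default):
            source = "explicit" if "allow_from" in channel else "inherited"
            findings.append((name, source))
    return sorted(findings)

# Constructed sample configuration (not taken from a real deployment).
CHANNELS = {
    "local_cli": {"remote": False},
    "chat_bridge": {"remote": True},  # omits allow_from entirely
    "ops_webhook": {"remote": True, "allow_from": ["ops-bot"]},
    "legacy_feed": {"remote": True, "allow_from": ["*"]},
}
INSECURE_DEFAULT = ["*"]   # the inherited default described in the advisory
FAIL_CLOSED_DEFAULT = []   # assumption: a hardened default admits nobody

if __name__ == "__main__":
    for label, default in (("insecure", INSECURE_DEFAULT),
                           ("fail-closed", FAIL_CLOSED_DEFAULT)):
        print(label, audit(CHANNELS, default))
```

Changing the default removes the inherited exposure, but a channel that sets the wildcard explicitly is still reported and needs its own allowlist.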
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The insecure default allow_from setting enables remote attackers to bypass admission controls on exposed channels (T1190: Exploit Public-Facing Application) and directly facilitates unauthorized file disclosure/read access to host data via read-only tools (T1005: Data from Local System).