Cyber Posture

CVE-2026-22682

Severity: High · Public PoC

Published: 07 April 2026
Modified: 16 April 2026
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0001 (1.5th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22682 is a high-severity Incorrect Authorization (CWE-863) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 1.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly mandates enforcement of approved access authorizations for system resources like local files, addressing the failure to pass path parameters to the PermissionChecker in file tools.

prevent

Requires a tamper-resistant reference monitor to mediate all access subject/object interactions, ensuring consistent permission checks for arbitrary file paths in agent tools.

prevent

Enforces least privilege for processes influencing agent tool execution, limiting the scope of unauthorized file reads and writes despite the access control bypass.

MITRE ATT&CK Enterprise Techniques · AI

T1005 · Data from Local System · Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1552.001 · Credentials In Files · Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1552.004 · Private Keys · Credential Access
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.

Why these techniques?

Improper access control in file tools directly enables unauthorized reads of arbitrary local files, including credentials and private keys (SSH material).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode.

Deeper analysis · AI

CVE-2026-22682 is an improper access control vulnerability (CWE-863) affecting OpenHarness prior to commit 166fcfe. The issue resides in the built-in file tools, including read_file, write_file, edit_file, and notebook_edit, where inconsistent parameter handling fails to pass the path parameter to the PermissionChecker during permission enforcement. This allows attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope, bypassing deny rules.

Attackers require local access (AV:L) with low privileges (PR:L) and can exploit the vulnerability with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high confidentiality (C:H) and integrity (I:H) impacts with no availability impact (A:N), enabling reading of sensitive files such as configuration files, credentials, and SSH material, or creating and overwriting files in restricted host paths when operating in full_auto mode.

Mitigation involves updating to OpenHarness commit 166fcfe or later, as detailed in the fixing commit at https://github.com/HKUDS/OpenHarness/commit/166fcfefb7614dbac51bd061f56542725b0298e9 and associated pull request at https://github.com/HKUDS/OpenHarness/pull/32. Additional guidance is available in the VulnCheck advisory at https://www.vulncheck.com/advisories/openharness-improper-access-control-via-file-tools.
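The flaw class described above, shown as an added example that is not OpenHarness code: the `PermissionChecker` below is a hypothetical stand-in, and its glob deny rules, the `path` argument name and the `authorize_*` helpers are assumptions made for illustration. It contrasts a dispatcher that never hands the path to the checker with one that always does and fails closed when a file tool presents no path.

```python
import fnmatch
import os
import tempfile

# Tools named in the advisory; the "path" argument name is an assumption.
FILE_TOOLS = {"read_file", "write_file", "edit_file", "notebook_edit"}

class PermissionChecker:
    """Hypothetical checker: repository scope plus glob deny rules on the resolved path."""
    def __init__(self, repo_root, deny_globs):
        self.repo_root = os.path.realpath(repo_root)
        self.deny_globs = list(deny_globs)

    def evaluate(self, tool_name, path=None):
        if path is None:
            # No path supplied: path rules cannot match, only tool-level policy applies.
            return True
        real = os.path.realpath(os.path.join(self.repo_root, path))
        if os.path.commonpath([self.repo_root, real]) != self.repo_root:
            return False  # resolves outside the repository scope
        return not any(fnmatch.fnmatch(real, g) for g in self.deny_globs)

def authorize_before(checker, tool_name, args):
    # Flawed pattern from the description: the path never reaches the checker.
    return checker.evaluate(tool_name)

def authorize_after(checker, tool_name, args):
    # Hardened pattern: a file tool must present a path, and it is always checked.
    if tool_name in FILE_TOOLS:
        path = args.get("path")
        if not path:
            return False  # fail closed
        return checker.evaluate(tool_name, path=path)
    return checker.evaluate(tool_name)

def demo():
    repo = tempfile.mkdtemp()  # constructed repository root
    checker = PermissionChecker(repo, deny_globs=["*/.env", "*/secrets/*"])
    cases = [("read_file", {"path": "src/app.py"}),       # in scope, no deny rule
             ("read_file", {"path": ".env"}),             # matches a deny rule
             ("write_file", {"path": "../outside.txt"}),  # escapes the repository
             ("edit_file", {"path": "/etc/hosts"}),       # absolute host path
             ("notebook_edit", {})]                       # path missing entirely
    return [(t, a.get("path"), authorize_before(checker, t, a),
             authorize_after(checker, t, a)) for t, a in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A regression test for this class of bug should assert on the checker's decision for each file tool with a denied path, not only on the checker in isolation.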

Details

CWE(s)

CVEs Like This One

CVE-2026-26336 · Shared CWE-863
CVE-2026-28229 · Shared CWE-863
CVE-2026-42438 · Shared CWE-863
CVE-2026-33461 · Shared CWE-863
CVE-2026-40515 · Shared CWE-863
CVE-2025-24233 · Shared CWE-863
CVE-2026-24748 · Shared CWE-863
CVE-2025-27645 · Shared CWE-863
CVE-2026-22806 · Shared CWE-863
CVE-2025-0359 · Shared CWE-863

References