Cyber Posture

CVE-2026-6823

High · Public PoC · Updated

Published: 21 April 2026

Modified: 07 May 2026
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0016 (36.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-6823 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Hkuds Openharness. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires secure configuration settings for remote channels to prevent inheritance of permissive defaults like allow_from=["*"] that bypass admission controls.

prevent

Limits system to essential capabilities only, mitigating overly permissive remote channel configurations enabling arbitrary sender access.

prevent

Enforces least privilege on access controls, countering default allowance of unauthorized remote senders to host agent runtimes.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

The insecure default allow_from setting enables remote attackers to bypass admission controls on exposed channels (T1190: Exploit Public-Facing Application) and directly facilitates unauthorized file disclosure/read access to host data via read-only tools (T1005: Data from Local System).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools.

Deeper analysis · AI

CVE-2026-6823 is an insecure default configuration vulnerability (CWE-276) affecting HKUDS OpenHarness versions prior to the remediation in Pull Request #147. In these versions, remote channels inherit a default allow_from = ["*"] setting, which permits arbitrary remote senders to bypass admission checks. This flaw has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low complexity and no required privileges.

Attackers who can reach the configured remote channel over the network can exploit this vulnerability to bypass access controls and interact with host-backed agent runtimes. Successful exploitation enables unauthorized file disclosure and read access through default-enabled read-only tools, potentially exposing sensitive data on the host system.

Mitigation is available via Pull Request #147, which addresses the insecure default by remediating the allow_from configuration inheritance. Users should update to OpenHarness release v0.1.7 or apply the fix from commit fab40c6eabfb15f2bdf23cddd3cfe66a64ea203d. Additional details are provided in the VulnCheck advisory.
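
The inheritance problem described above can be checked for in a configuration review. The following is an added example, not code from OpenHarness or from this page: it models a hypothetical configuration in which the keys `defaults`, `channels` and `remote` are assumptions made for illustration, and only `allow_from` and the `["*"]` value come from the advisory text. It resolves each remote channel's effective allow list and reports where a wildcard was inherited rather than set on purpose.

```python
# Added example: a hypothetical configuration model, not OpenHarness code.
# Only the allow_from key and the ["*"] wildcard come from the advisory;
# "defaults", "channels" and "remote" are assumed names.
WILDCARD = "*"

def effective_allow_from(channel, defaults):
    """Return (allow_list, source) so a reviewer can see where the list came from."""
    if "allow_from" in channel:
        return list(channel["allow_from"]), "explicit"
    if "allow_from" in defaults:
        return list(defaults["allow_from"]), "inherited"
    return [], "fail-closed"  # no list anywhere: admit nobody

def admit(sender, channel, defaults):
    """Admission check: a wildcard admits every sender, otherwise exact match."""
    allow, _ = effective_allow_from(channel, defaults)
    return WILDCARD in allow or sender in allow

def audit_channels(config):
    """List (channel, source) for each remote channel that admits any sender."""
    defaults = config.get("defaults", {})
    findings = []
    for name, channel in sorted(config.get("channels", {}).items()):
        if not channel.get("remote", False):
            continue  # local-only channels are out of scope for this check
        allow, source = effective_allow_from(channel, defaults)
        if WILDCARD in allow:
            findings.append((name, source))
    return findings

# Constructed sample configurations (not taken from a real deployment).
CHANNELS = {
    "chat_bridge": {"remote": True},  # sets nothing, so it inherits the default
    "ops_webhook": {"remote": True, "allow_from": ["ops-team"]},
    "local_cli": {"remote": False},
}
PERMISSIVE = {"defaults": {"allow_from": ["*"]}, "channels": CHANNELS}
HARDENED = {"defaults": {"allow_from": []}, "channels": CHANNELS}

if __name__ == "__main__":
    for label, cfg in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(label, audit_channels(cfg))
```

With an empty default, a channel that sets no allow list of its own admits nobody until an operator names the permitted senders.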

Details

CWE(s)

Affected Products

hkuds openharness ≤ 0.1.7

CVEs Like This One

CVE-2026-6819 · Same product: Hkuds Openharness
CVE-2026-40515 · Same product: Hkuds Openharness
CVE-2026-40516 · Same product: Hkuds Openharness
CVE-2026-7551 · Same product: Hkuds Openharness
CVE-2026-40502 · Same product: Hkuds Openharness
CVE-2026-6729 · Same product: Hkuds Openharness
CVE-2025-27682 · Shared CWE-276
CVE-2025-27677 · Shared CWE-276
CVE-2025-35062 · Shared CWE-276
CVE-2024-55225 · Shared CWE-276
