CVE-2026-6729
CVE-2026-6729 is a medium-severity vulnerability in Hkuds Openharness with a CVSS 3.x base score of 6.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.
Key facts
- Severity: Medium (CVSS 3.x base score 6.3)
- CVSS v4: 5.3
- EPSS exploit prediction: 0% (10th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-23983
- Weakness: CWE-287
- Affected product: Hkuds Openharness
- Published:
- Last modified:
Description
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse another user's conversation state and replace or interrupt their active tasks by colliding into the same session boundary through the shared chat or thread scope.
Frequently asked questions
- What is CVE-2026-6729?
- HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse another user's conversation state and replace or interrupt their active tasks by colliding into the same session boundary through the shared chat or thread scope.
- How severe is CVE-2026-6729?
- CVE-2026-6729 has a CVSS 3.x base score of 6.3, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
- Is CVE-2026-6729 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (10th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-6729?
- CVE-2026-6729 affects Hkuds Openharness. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-6729?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-6729 have an EU (EUVD) identifier?
- Yes. CVE-2026-6729 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-23983.
- When was CVE-2026-6729 published?
- CVE-2026-6729 was published on 2026-04-20 and last updated on 2026-06-17.
References
- https://github.com/HKUDS/OpenHarness/commit/3186851c479ee714a9bb9aa6cd77017db7e589e2
- https://github.com/HKUDS/OpenHarness/pull/159
- https://www.vulncheck.com/advisories/hkuds-openharness-session-key-collision-privilege-escalation
Affected products (1)
- cpe:2.3:a:hkuds:openharness:*:*:*:*:*:*:*:*
More vulnerabilities in Hkuds Openharness
- CVE-2026-7551 — High (CVSS 8.8): HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote…
- CVE-2026-6819 — High (CVSS 8.8): HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin…
- CVE-2026-40502 — High (CVSS 8.8): OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with…
- CVE-2026-40516 — High (CVSS 8.3): OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search…
- CVE-2026-6823 — High (CVSS 8.2): HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote…
- CVE-2026-40515 — High (CVSS 7.5): OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive…
All CVEs affecting Hkuds Openharness →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →