CVE-2026-33718
- Source
- https://cve.org/CVERecord?id=CVE-2026-33718
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33718.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-33718
- Aliases
- Published
- 2026-03-27T00:12:24.752Z
- Modified
- 2026-04-10T05:43:33.858959Z
- Severity
-
- 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- OpenHands is Vulnerable to Command Injection through its Git Diff Handler
- Details
-
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the
get_git_diff()method atopenhands/runtime/utils/git_handler.py:134. Thepathparameter from the/api/conversations/{conversation_id}/git/diffAPI endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue. - Database specific
{ "cwe_ids": [ "CWE-78" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33718.json", "cna_assigner": "GitHub_M" }- References
-
- https://docs.python.org/3/library/shlex.html#shlex.quote
- https://docs.python.org/3/library/subprocess.html#security-considerations
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33718.json
- https://github.com/OpenHands/OpenHands/pull/13051
- https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw
- https://nvd.nist.gov/vuln/detail/CVE-2026-33718
- https://owasp.org/www-community/attacks/Command_Injection
Affected packages
Git / github.com/openhands/openhands
Affected versions
0.*
0.10.0
0.11.0
0.12.0
0.12.1
0.12.2
0.12.3
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.15.0
0.15.1
0.15.2
0.15.3
0.16.1
0.17.0
0.18.0
0.19.0
0.22.0
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8