OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memory directory and access sensitive files accessible to the OpenHarness process without filesystem containment validation.
{
"cwe_ids": [
"CWE-22"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40503.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "dd1d235450dd987b20bff01b7bfb02fe8620a0af"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "VulnCheck"
}