CVE-2026-22812
Unknown Unknown - Not Provided
Unauthenticated Remote Code Execution in OpenCode HTTP Server

Publication date: 2026-01-12

Last updated on: 2026-01-12

Assigner: GitHub, Inc.

Description
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-12
Last Modified
2026-01-12
Generated
2026-06-22
AI Q&A
2026-01-13
EPSS Evaluated
2026-06-21
NVD
CVE-2026-22812
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
anomalyco opencode-ai to 1.0.216 (exc)
anomalyco opencode to 1.0.216 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-942 The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
CWE-749 The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated remote code execution with the user's privileges, potentially leading to full system compromise and unauthorized access to sensitive data. This could result in violations of data protection regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive information. The exposure of critical functions without authentication and permissive CORS policies increases the risk of data breaches and unauthorized data processing, thereby negatively impacting compliance with these standards. [1]

Executive Summary

CVE-2026-22812 is a critical vulnerability in the OpenCode AI coding agent (versions prior to 1.0.216) where it automatically starts an unauthenticated HTTP server that listens on a default port. This server exposes several critical endpoints without any authentication or access control, allowing any local process or malicious website (via permissive CORS settings) to execute arbitrary shell commands with the user's privileges. This includes creating interactive terminal sessions and reading arbitrary files. The vulnerability enables remote attackers to execute commands as the user running OpenCode, either locally or through a browser-based attack. [1]

Impact Analysis

This vulnerability can lead to full system compromise because attackers can execute arbitrary shell commands with the same privileges as the user running OpenCode. Local malicious processes or npm packages can exploit it, as well as remote attackers via malicious websites exploiting permissive CORS settings. This can result in unauthorized file access, data modification, or disruption of system availability. If OpenCode is started with the --mdns flag, the attack surface expands to the entire local network, increasing risk. [1]

Detection Guidance

You can detect this vulnerability by checking if the OpenCode application is running an unauthenticated HTTP server on its default port (4096+). You can use network scanning tools or commands like `netstat -tuln | grep 4096` or `ss -tuln | grep 4096` to see if the server is listening. Additionally, you can try sending HTTP requests to endpoints such as `POST /session/:id/shell` or `POST /pty` on localhost to test if arbitrary command execution is possible without authentication. For example, using curl: `curl -X POST http://localhost:4096/session/test/shell -d 'command=echo PWNED > /tmp/pwned.txt'` to check if the command executes. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade OpenCode to version 1.0.216 or later, where this vulnerability is fixed. Until then, avoid running OpenCode on untrusted networks, do not use the `--mdns` flag which exposes the server to all interfaces, and restrict network access to the default port (4096+) to trusted users only. Additionally, consider stopping the OpenCode service if possible until patched. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22812. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart