CVE-2026-40516
Received Received - Intake
Server-Side Request Forgery in OpenHarness web_fetch and web_search

Publication date: 2026-04-17

Last updated on: 2026-04-24

Assigner: VulnCheck

Description
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40516
EUVD
EUVD-2026-23452
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hkuds openharness to 2026-04-11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenHarness before commit bd4df81 and is a server-side request forgery (SSRF) issue found in the web_fetch and web_search tools.

Attackers can manipulate parameters of these tools without proper validation of target addresses, allowing them to make the server send requests to private or localhost HTTP services.

This means an attacker can cause the server to access internal resources such as local development services, cloud metadata endpoints, admin panels, or other private HTTP services that are normally not accessible externally.

Impact Analysis

The vulnerability can allow attackers to read sensitive information from internal services that are not intended to be exposed externally.

By exploiting this SSRF, attackers might gain access to private data, configuration details, or administrative interfaces, potentially leading to further compromise of the system or network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40516. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart