Detection Guidance

This vulnerability can be detected by checking if the /resume and /summary slash commands in the OpenHarness ohmo gateway are remotely invocable without proper authorization.

To detect exploitation attempts or the presence of this vulnerability, you can monitor network traffic or logs for remote invocations of these commands that should normally be restricted to local use only.

Suggested commands or checks include attempting to remotely invoke /resume or /summary commands and observing if the system allows loading or enumerating session snapshots by ID without admin authorization.

If the commands respond with messages such as "/summary is only available in the local OpenHarness UI" or "/resume is only available in the local OpenHarness UI," it indicates the vulnerability has been mitigated.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves restricting the /resume and /summary slash commands to local use only by setting their remote_invocable parameter to False and requiring explicit remote admin opt-in for any remote invocation.

Apply the patch or update provided by the OpenHarness project that modifies these commands to prevent unauthorized remote access.

• Update OpenHarness to a version including the fix that disables remote invocation of /resume and /summary by default.
• Verify that remote users cannot invoke these commands and that attempts result in error messages indicating local-only availability.
• Review and monitor gateway logs for any unauthorized attempts to access session snapshots remotely.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-56695 is a vulnerability in OpenHarness versions up to 0.1.9 where the /resume and /summary slash commands are by default remotely invocable without proper authorization.

This flaw allows an attacker who is an admitted remote sender in a shared gateway environment to enumerate and load arbitrary session snapshots by their ID.

As a result, attackers can access sensitive information contained in these session snapshots, including private prompts, credentials, tool output, and file paths.

The root cause is missing authorization controls (CWE-862) on these commands, which bypasses the intended sender-scoped session isolation.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive and private data stored in session snapshots.

• Attackers can enumerate and load other users' session snapshots remotely.
• Exposed data may include private prompts, credentials, tool outputs, and file paths.

Such exposure can compromise confidentiality and privacy of users in shared gateway environments.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows unauthorized remote users to access private session snapshots containing sensitive information such as private prompts, credentials, tool output, and file paths. Such unauthorized disclosure of sensitive data can lead to violations of data protection and privacy regulations like GDPR and HIPAA, which mandate strict controls over access to personal and confidential information.

By enabling cross-session data access without proper authorization, the vulnerability undermines confidentiality and data isolation principles required by these standards, potentially resulting in non-compliance and associated legal or regulatory consequences.

Useful 0 Not Useful 0