CVE-2026-33718 | OpenHands up to 1.4.x API Endpoint git_handler.py get_git_diff path os command injection (GHSA-7h8w-hj9j-8rjw)

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability described as critical has been identified in OpenHands up to 1.4.x. This affects the function get_git_diff of the file openhands/runtime/utils/git_handler.py of the component API Endpoint. Executing a manipulation of the argument path can lead to os command injection.

This vulnerability is handled as CVE-2026-33718. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.

CVE-2026-33718 | OpenHands up to 1.4.x API Endpoint git_handler.py get_git_diff path os command injection (GHSA-7h8w-hj9j-8rjw)

Post correlati

CVE-2024-11973 | Quran Multilanguage Text & Audio Plugin up to 2.3.21 on WordPress sourate/lang cross site scripting

CVE-2026-32642 | Apache Artemis/ActiveMQ Artemis on OpenWire OpenWire Consumer permission

CVE-2023-6653 | PHPGurukul Teacher Subject Allocation Management System 1.0 Create a new Subject /admin/subject.php cid cross-site request forgery

CVE-2025-7070 | IROAD Dashcam Q9 up to 20250624 MFA Pairing Request allocation of resources