CVE-2026-33718 | OpenHands up to 1.4.x API Endpoint git_handler.py get_git_diff path os command injection (GHSA-7h8w-hj9j-8rjw)

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability described as critical has been identified in OpenHands up to 1.4.x. This affects the function get_git_diff of the file openhands/runtime/utils/git_handler.py of the component API Endpoint. Executing a manipulation of the argument path can lead to os command injection.

This vulnerability is handled as CVE-2026-33718. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.

CVE-2026-33718 | OpenHands up to 1.4.x API Endpoint git_handler.py get_git_diff path os command injection (GHSA-7h8w-hj9j-8rjw)

Post correlati

CVE-2024-51688 | FraudLabs Pro SMS Verification Plugin up to 1.10.1 on WordPress cross-site request forgery

CVE-2024-10758 | code-projects/anirbandutta9 Content Management System/News-Buzz 1.0 /index.php user_name sql injection

CVE-2025-23887 | Scott Allan Wallick Blog Summary Plugin up to 0.1.2 β on WordPress cross site scripting

CVE-2025-25513 | SeaCMS up to 13.3 admin_members.php sql injection