Vulnerabilities ›

CVE-2026-40516

High

CWE-918 — Weakness Type

                    Published: Apr 17, 2026                      ·  Modified: Apr 24, 2026                      ·  Source: NVD                

CVSS v3

8.3

🔗 NVD Official

📄 Description (English)

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.

🤖 AI Executive Summary

CVE-2026-40516 is a server-side request forgery (SSRF) vulnerability in OpenHarness affecting web_fetch and web_search tools, allowing attackers to access private and localhost services by manipulating tool parameters. With a CVSS score of 8.3, this vulnerability poses significant risk to organizations using OpenHarness for AI agent operations, particularly those with sensitive internal services. The lack of input validation enables attackers to read responses from cloud metadata endpoints, admin panels, and development services, potentially exposing credentials and sensitive data.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 25, 2026 01:55

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations leveraging OpenHarness for AI-powered automation face significant risk, particularly in: (1) Banking/SAMA-regulated institutions using AI agents for customer service or data processing—SSRF could expose internal banking systems and payment infrastructure; (2) Government agencies (NCA, CITC) deploying AI tools for citizen services—attackers could access internal administrative systems and sensitive databases; (3) Energy sector (ARAMCO, SEC) using AI for operational technology—SSRF could expose SCADA systems and critical infrastructure; (4) Telecom providers (STC, Mobily) using AI agents—metadata endpoint access could expose infrastructure credentials; (5) Healthcare organizations—access to internal medical records systems and patient data. The vulnerability is particularly dangerous in Saudi Arabia's cloud-first government initiatives and digital transformation programs.

🏢 Affected Saudi Sectors

Banking and Financial Services (SAMA-regulated) Government and Public Administration (NCA, CITC) Energy and Utilities (ARAMCO, SEC) Telecommunications (STC, Mobily, Zain) Healthcare and Medical Services Cloud Service Providers AI/ML Development and Deployment Organizations

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1589 - Gather Victim Identity Information T1592 - Gather Victim Host Information T1598 - Phishing for Information T1526 - Enumerate Cloud Resources T1040 - Network Sniffing T1557 - Man-in-the-Middle T1021 - Remote Services T1078 - Valid Accounts

⚖️ Saudi Risk Score (AI)

8.1

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Audit all OpenHarness deployments to identify instances using web_fetch and web_search tools

2. Implement network segmentation to restrict outbound connections from OpenHarness instances to only approved external services

3. Disable web_fetch and web_search tools until patching is available

4. Review agent session logs for suspicious tool invocations targeting localhost (127.0.0.1), RFC1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or link-local addresses (169.254.0.0/16)



COMPENSATING CONTROLS:

1. Implement strict input validation and allowlisting for tool parameters—only permit explicitly approved target domains/IPs

2. Deploy Web Application Firewall (WAF) rules to block requests to private IP ranges and localhost

3. Use egress filtering at network boundary to prevent connections to RFC1918 and loopback addresses

4. Implement API gateway with URL validation before forwarding to OpenHarness

5. Monitor and alert on any tool invocations with suspicious parameters (localhost, 169.254.*, 10.*, 172.16-31.*, 192.168.*)



DETECTION RULES:

1. Alert on web_fetch/web_search tool calls with target parameters matching: ^(127\.|localhost|169\.254\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)

2. Monitor for unusual response sizes or error patterns from tool invocations

3. Track failed connection attempts to internal services from OpenHarness processes

4. Correlate tool invocations with subsequent access to sensitive internal systems



PATCHING GUIDANCE:

1. Monitor OpenHarness GitHub repository for commit bd4df81 or later releases

2. Establish testing environment to validate patches before production deployment

3. Plan phased rollout of patches across all OpenHarness instances

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع نشرات OpenHarness لتحديد الحالات التي تستخدم أدوات web_fetch و web_search

2. تنفيذ تقسيم الشبكة لتقييد الاتصالات الصادرة من حالات OpenHarness إلى الخدمات الخارجية المعتمدة فقط

3. تعطيل أدوات web_fetch و web_search حتى يتوفر التصحيح

4. مراجعة سجلات جلسة الوكيل للاستدعاءات المريبة للأداة التي تستهدف localhost (127.0.0.1) أو نطاقات RFC1918 أو عناوين الارتباط المحلي

الضوابط التعويضية:

1. تنفيذ التحقق الصارم من المدخلات والقائمة البيضاء لمعاملات الأداة

2. نشر قواعد جدار حماية تطبيقات الويب لحظر الطلبات إلى نطاقات IP الخاصة

3. استخدام تصفية الخروج على حدود الشبكة

4. تنفيذ بوابة API مع التحقق من صحة URL

5. مراقبة والتنبيه على استدعاءات الأداة المريبة

قواعد الكشف:

1. التنبيه على استدعاءات web_fetch/web_search بمعاملات الهدف المطابقة للأنماط الخاصة

2. مراقبة أحجام الاستجابة غير العادية

3. تتبع محاولات الاتصال الفاشلة بالخدمات الداخلية

4. ربط استدعاءات الأداة بالوصول اللاحق إلى الأنظمة الداخلية الحساسة

إرشادات التصحيح:

1. مراقبة مستودع OpenHarness GitHub للحصول على الإصدارات اللاحقة

2. إنشاء بيئة اختبار للتحقق من الرقع

3. التخطيط لنشر متدرج للرقع عبر جميع الحالات

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Network segmentation and access control ECC 2024 A.5.2.1 - Input validation and data sanitization ECC 2024 A.5.3.1 - Monitoring and logging of security events ECC 2024 A.6.1.1 - Vulnerability management and patching

🔵 SAMA CSF

SAMA CSF ID.BE-3.1 - Supply chain risk management SAMA CSF PR.AC-3.1 - Access control and authentication SAMA CSF PR.DS-2.1 - Data security and encryption SAMA CSF DE.CM-1.1 - Detection and monitoring capabilities

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access control ISO 27001:2022 A.5.23 - Information security for supplier relationships ISO 27001:2022 A.8.1 - User endpoint devices ISO 27001:2022 A.8.22 - Monitoring activities

🟣 PCI DSS v4.0.1

PCI DSS 1.3 - Firewall configuration standards PCI DSS 6.5.1 - Injection flaws prevention PCI DSS 10.3 - Logging and monitoring of access

🔗 References & Sources 4

🔗

https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae

disclosure@vulncheck.com

🔗

https://github.com/HKUDS/OpenHarness/pull/92

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search

disclosure@vulncheck.com

🔗

https://github.com/HKUDS/OpenHarness/pull/92

134c704f-9b21-4f2e-91b3-4a467353bcc0

📊 CVSS Score

8.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score8.3

CWECWE-918

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-17

Source Feed nvd

🇸🇦 Saudi Risk Score

8.1

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-918

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-40516

💬 Comments

Introduce Yourself

Sign In Required