📄 الوصف (الإنجليزية)
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
🤖 ملخص AI
CVE-2026-40516 is a server-side request forgery (SSRF) vulnerability in OpenHarness affecting web_fetch and web_search tools, allowing attackers to access private and localhost services by manipulating tool parameters. With a CVSS score of 8.3, this vulnerability poses significant risk to organizations using OpenHarness for AI agent operations, particularly those with sensitive internal services. The lack of input validation enables attackers to read responses from cloud metadata endpoints, admin panels, and development services, potentially exposing credentials and sensitive data.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 25, 2026 01:55
🇸🇦 التأثير على المملكة العربية السعودية
Saudi organizations leveraging OpenHarness for AI-powered automation face significant risk, particularly in: (1) Banking/SAMA-regulated institutions using AI agents for customer service or data processing—SSRF could expose internal banking systems and payment infrastructure; (2) Government agencies (NCA, CITC) deploying AI tools for citizen services—attackers could access internal administrative systems and sensitive databases; (3) Energy sector (ARAMCO, SEC) using AI for operational technology—SSRF could expose SCADA systems and critical infrastructure; (4) Telecom providers (STC, Mobily) using AI agents—metadata endpoint access could expose infrastructure credentials; (5) Healthcare organizations—access to internal medical records systems and patient data. The vulnerability is particularly dangerous in Saudi Arabia's cloud-first government initiatives and digital transformation programs.
🏢 القطاعات السعودية المتأثرة
Banking and Financial Services (SAMA-regulated)
Government and Public Administration (NCA, CITC)
Energy and Utilities (ARAMCO, SEC)
Telecommunications (STC, Mobily, Zain)
Healthcare and Medical Services
Cloud Service Providers
AI/ML Development and Deployment Organizations
🎯 تقنيات MITRE ATT&CK
⚖️ درجة المخاطر السعودية (AI)
8.1
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Audit all OpenHarness deployments to identify instances using web_fetch and web_search tools
2. Implement network segmentation to restrict outbound connections from OpenHarness instances to only approved external services
3. Disable web_fetch and web_search tools until patching is available
4. Review agent session logs for suspicious tool invocations targeting localhost (127.0.0.1), RFC1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or link-local addresses (169.254.0.0/16)
COMPENSATING CONTROLS:
1. Implement strict input validation and allowlisting for tool parameters—only permit explicitly approved target domains/IPs
2. Deploy Web Application Firewall (WAF) rules to block requests to private IP ranges and localhost
3. Use egress filtering at network boundary to prevent connections to RFC1918 and loopback addresses
4. Implement API gateway with URL validation before forwarding to OpenHarness
5. Monitor and alert on any tool invocations with suspicious parameters (localhost, 169.254.*, 10.*, 172.16-31.*, 192.168.*)
DETECTION RULES:
1. Alert on web_fetch/web_search tool calls with target parameters matching: ^(127\.|localhost|169\.254\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)
2. Monitor for unusual response sizes or error patterns from tool invocations
3. Track failed connection attempts to internal services from OpenHarness processes
4. Correlate tool invocations with subsequent access to sensitive internal systems
PATCHING GUIDANCE:
1. Monitor OpenHarness GitHub repository for commit bd4df81 or later releases
2. Establish testing environment to validate patches before production deployment
3. Plan phased rollout of patches across all OpenHarness instances
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع نشرات OpenHarness لتحديد الحالات التي تستخدم أدوات web_fetch و web_search
2. تنفيذ تقسيم الشبكة لتقييد الاتصالات الصادرة من حالات OpenHarness إلى الخدمات الخارجية المعتمدة فقط
3. تعطيل أدوات web_fetch و web_search حتى يتوفر التصحيح
4. مراجعة سجلات جلسة الوكيل للاستدعاءات المريبة للأداة التي تستهدف localhost (127.0.0.1) أو نطاقات RFC1918 أو عناوين الارتباط المحلي
الضوابط التعويضية:
1. تنفيذ التحقق الصارم من المدخلات والقائمة البيضاء لمعاملات الأداة
2. نشر قواعد جدار حماية تطبيقات الويب لحظر الطلبات إلى نطاقات IP الخاصة
3. استخدام تصفية الخروج على حدود الشبكة
4. تنفيذ بوابة API مع التحقق من صحة URL
5. مراقبة والتنبيه على استدعاءات الأداة المريبة
قواعد الكشف:
1. التنبيه على استدعاءات web_fetch/web_search بمعاملات الهدف المطابقة للأنماط الخاصة
2. مراقبة أحجام الاستجابة غير العادية
3. تتبع محاولات الاتصال الفاشلة بالخدمات الداخلية
4. ربط استدعاءات الأداة بالوصول اللاحق إلى الأنظمة الداخلية الحساسة
إرشادات التصحيح:
1. مراقبة مستودع OpenHarness GitHub للحصول على الإصدارات اللاحقة
2. إنشاء بيئة اختبار للتحقق من الرقع
3. التخطيط لنشر متدرج للرقع عبر جميع الحالات
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Network segmentation and access control
ECC 2024 A.5.2.1 - Input validation and data sanitization
ECC 2024 A.5.3.1 - Monitoring and logging of security events
ECC 2024 A.6.1.1 - Vulnerability management and patching
🔵 SAMA CSF
SAMA CSF ID.BE-3.1 - Supply chain risk management
SAMA CSF PR.AC-3.1 - Access control and authentication
SAMA CSF PR.DS-2.1 - Data security and encryption
SAMA CSF DE.CM-1.1 - Detection and monitoring capabilities
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control
ISO 27001:2022 A.5.23 - Information security for supplier relationships
ISO 27001:2022 A.8.1 - User endpoint devices
ISO 27001:2022 A.8.22 - Monitoring activities
🟣 PCI DSS v4.0.1
PCI DSS 1.3 - Firewall configuration standards
PCI DSS 6.5.1 - Injection flaws prevention
PCI DSS 10.3 - Logging and monitoring of access
🔗 المراجع والمصادر 4
🔗
🔗
🔗
🔗
https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae
disclosure@vulncheck.com
https://github.com/HKUDS/OpenHarness/pull/92
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search
disclosure@vulncheck.com
https://github.com/HKUDS/OpenHarness/pull/92
134c704f-9b21-4f2e-91b3-4a467353bcc0