CVE-2026-6823 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: April 21, 2026
HKUDS OpenHarness - Broken Access Control
Overview
HKUDS OpenHarness prior to PR #147 contains an insecure default configuration vulnerability caused by remote channels inheriting allow_from = ["*"], letting remote attackers bypass access controls and access host-backed agent runtimes, exploit requires network access to configured channels.
Severity & Score
Impact
Attackers can bypass access controls to read unauthorized files via default read-only tools, risking sensitive information disclosure.
Mitigation
Update to the version including PR #147 or latest available version.
References
Social Media Activity(2 posts)
š CVE-2026-6823 - High (8.2) HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the conf... š https://www.thehackerwire.com/vulnerability/CVE-2026-6823/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-6823 - High (8.2) HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the conf... š https://www.thehackerwire.com/vulnerability/CVE-2026-6823/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-6823
- Severity
- High
- CVSS Score
- 8.2
- Type
- misconfiguration
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-276
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N