OpenHarness Flaw Exposes Sensitive Files via Path Normalization Bypass

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-863
OpenHarness Flaw Exposes Sensitive Files via Path Normalization Bypass

The National Vulnerability Database has detailed CVE-2026-40515, a high-severity (CVSS 7.5) permission bypass vulnerability in OpenHarness, affecting versions prior to commit bd4df81. This flaw stems from incomplete path normalization within OpenHarness’s permission checker, enabling attackers to bypass configured path restrictions.

Attackers can exploit this by invoking built-in grep and glob tools with sensitive root directories. Because these directories are not properly evaluated against established path rules, the vulnerability allows for the disclosure of sensitive local file content, key material, configuration files, and directory listings, circumventing intended security controls.

This isn’t just a theoretical bypass; it’s a direct route to critical data. Defenders need to recognize that incomplete path normalization is a persistent attack vector. It’s a subtle but powerful way to subvert access controls, and it frequently underpins data exposure incidents. The attacker’s calculus here is simple: find a trusted function that can be fed untrusted input, and the system does the rest.

What This Means For You

  • If your organization uses OpenHarness, you must immediately verify your version and apply the patch associated with commit `bd4df81` or later. This vulnerability allows unauthenticated access to sensitive files, which means a full data compromise is a real possibility. Review your OpenHarness deployments for any unauthorized access attempts, especially around calls to `grep` or `glob` with unusual paths.

Related ATT&CK Techniques

T1083 File and Directory Discovery Discovery T1219 Remote Access Software Persistence T1055 Process Injection Privilege Escalation

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

medium T1219 Command and Control

Unauthorized Remote Access Tool Detection

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-40515 Information Disclosure OpenHarness before commit bd4df81
CVE-2026-40515 Path Traversal Incomplete path normalization in permission checker
CVE-2026-40515 Information Disclosure Exploitation of built-in grep and glob tools with sensitive root directories

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 17, 2026 at 20:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

WordPress Plugin RCE: Drag and Drop File Upload Flaw

CVE-2026-5718 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up...

vulnerabilityCVEhigh-severityremote-code-executioncwe-434
/SCW Vulnerability Desk /HIGH /⚑ 5 IOCs /⚙ 8 Sigma

Path Traversal in WordPress Plugin Exposes Files

CVE-2026-5710 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File...

vulnerabilityCVEhigh-severitypath-traversalcwe-22
/SCW Vulnerability Desk /HIGH /⚑ 4 IOCs /⚙ 4 Sigma

Firebird Client Flaw Leaks Data with Newer Servers

CVE-2025-65104 — Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields...

vulnerabilityCVEhigh-severitycwe-200
/SCW Vulnerability Desk /HIGH /⚑ 3 IOCs /⚙ 1 Sigma