OpenHarness SSRF Exposes Private Services, Cloud Metadata

The National Vulnerability Database has detailed CVE-2026-40516, a critical Server-Side Request Forgery (SSRF) vulnerability in OpenHarness, affecting versions prior to commit bd4df81. This flaw stems from inadequate validation of target addresses within the web_fetch and web_search tools. Attackers can manipulate tool parameters to force an agent session to access internal HTTP services, including those on localhost, RFC1918 networks, and link-local addresses.

This SSRF allows attackers to read response bodies from sensitive internal endpoints. This includes local development services, crucial cloud metadata endpoints, administrative panels, and other private HTTP services that are typically unreachable from the internet but are accessible from the compromised host. The National Vulnerability Database assigns a CVSS score of 8.3 (HIGH), underscoring the severity of this access.

For defenders, this is a clear call to action. An SSRF of this nature can be a gateway to deeper network compromise, credential theft via metadata services, or lateral movement. The attacker’s calculus here is simple: leverage a single external point of entry to map and exploit internal infrastructure. Patching to the specified commit is non-negotiable. Beyond that, review network segmentation and egress filtering for OpenHarness deployments to restrict outbound connections, even to internal IPs, where not explicitly required.