CVE-2026-33718

7.6 HIGH
Published: March 27, 2026 Modified: April 10, 2026

Description

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue.
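As an added example that is not code from the OpenHands project, the following shows the mitigation the advisory's references point to (argument lists with `subprocess`, `shlex.quote` when a shell string cannot be avoided) applied to a hypothetical diff helper that takes a caller-supplied `path`. The function names `validate_repo_relative_path`, `build_git_diff_argv`, `build_git_diff_shell_command` and `run_git_diff` are assumptions, not the project's API.

```python
import os
import shlex
import subprocess


class InvalidPathError(ValueError):
    """Raised when a caller-supplied path is absolute or escapes the repo."""


def validate_repo_relative_path(repo_dir: str, path: str) -> str:
    """Allow-list check on the untrusted `path` parameter.

    The path must be relative and resolve to a location inside repo_dir.
    Shell metacharacters are deliberately not stripped: with an argument
    list they are never parsed by a shell, so only the traversal property
    needs enforcing here.
    """
    if not path or "\x00" in path or os.path.isabs(path):
        raise InvalidPathError(path)
    repo_real = os.path.realpath(repo_dir)
    target = os.path.realpath(os.path.join(repo_real, path))
    if os.path.commonpath([repo_real, target]) != repo_real:
        raise InvalidPathError(path)
    return path


def build_git_diff_argv(repo_dir: str, path: str) -> list[str]:
    """Preferred form: an argv list, so no shell interprets the path.

    This replaces the unsafe pattern the advisory describes, where the
    path is interpolated into a single string run with shell=True.
    The `--` separator also stops a path beginning with `-` from being
    read by git as an option.
    """
    checked = validate_repo_relative_path(repo_dir, path)
    return ["git", "-C", repo_dir, "diff", "--", checked]


def build_git_diff_shell_command(repo_dir: str, path: str) -> str:
    """Fallback when one shell string is unavoidable: shlex.quote keeps
    each untrusted token a single literal word for the shell."""
    checked = validate_repo_relative_path(repo_dir, path)
    return f"git -C {shlex.quote(repo_dir)} diff -- {shlex.quote(checked)}"


def run_git_diff(repo_dir: str, path: str) -> str:
    """Run the diff without a shell (shell=False is the default)."""
    proc = subprocess.run(
        build_git_diff_argv(repo_dir, path),
        capture_output=True, text=True, check=False,
    )
    return proc.stdout
```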

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

References to Advisories, Solutions, and Tools

https://docs.python.org/3/library/shlex.html#shlex.quote
Source: security-advisories@github.com
Technical Description
https://docs.python.org/3/library/subprocess.html#security-considerations
Source: security-advisories@github.com
Technical Description
https://github.com/OpenHands/OpenHands/pull/13051
Source: security-advisories@github.com
Issue Tracking Patch
https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw
Source: security-advisories@github.com
Exploit Mitigation Vendor Advisory
https://owasp.org/www-community/attacks/Command_Injection
Source: security-advisories@github.com
Technical Description

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.6 / 10.0
EPSS (Exploit Probability)
0.4%
63rd percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

openhands