CVE-2026-22812 Overview
OpenCode is an open source AI coding agent that prior to version 1.0.216 automatically starts an unauthenticated HTTP server allowing any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This Missing Authentication for Critical Function (CWE-306) vulnerability poses significant risk as it enables unauthorized command execution without any authentication mechanism in place.
Critical Impact
Attackers can leverage this unauthenticated HTTP server to execute arbitrary shell commands with the same privileges as the user running OpenCode, potentially leading to complete system compromise.
Affected Products
- OpenCode versions prior to 1.0.216
Discovery Timeline
- 2026-01-12 - CVE CVE-2026-22812 published to NVD
- 2026-01-13 - Last updated in NVD database
Technical Details for CVE-2026-22812
Vulnerability Analysis
This vulnerability stems from a fundamental design flaw in OpenCode's architecture where an HTTP server is automatically started without implementing any form of authentication. The server's permissive CORS (Cross-Origin Resource Sharing) configuration further exacerbates the issue by allowing requests from any origin, including malicious websites visited by the user. This combination creates a dangerous attack surface where both local processes and remote websites can interact with the server to execute arbitrary commands.
The impact of successful exploitation is severe, as commands execute with the full privileges of the user running the OpenCode application. This could result in unauthorized data access, malware installation, lateral movement within a network, or complete system takeover depending on the user's privilege level.
Root Cause
The root cause is classified under CWE-306 (Missing Authentication for Critical Function). The OpenCode application fails to implement authentication controls on its HTTP server endpoint, allowing any entity that can reach the server to execute commands. The permissive CORS policy removes browser-based security restrictions, enabling cross-origin attacks from malicious websites.
Attack Vector
The attack can be executed via network access, requiring user interaction (such as visiting a malicious website). An attacker could craft a malicious webpage that, when visited by a user running OpenCode, makes requests to the local HTTP server to execute arbitrary shell commands. Alternatively, any malicious process running on the local system could directly interact with the unauthenticated server to gain command execution capabilities.
The vulnerability mechanism involves an HTTP server that accepts command execution requests without verifying the identity or authorization of the requester. Due to the permissive CORS configuration, even cross-origin requests from untrusted websites are processed, allowing browser-based exploitation. For detailed technical information, see the GitHub Security Advisory.
Detection Methods for CVE-2026-22812
Indicators of Compromise
- Unexpected outbound network connections originating from the OpenCode process
- Unusual child processes spawned by the OpenCode application
- Suspicious HTTP requests to localhost on OpenCode's listening port from browser processes
- Evidence of shell command execution in system logs tied to the OpenCode user context
Detection Strategies
- Monitor for HTTP server processes started by OpenCode listening on unexpected ports
- Implement network monitoring to detect cross-origin requests targeting local services
- Deploy endpoint detection rules to identify unauthorized command execution patterns from OpenCode
- Audit browser history and network logs for connections to known malicious domains that may exploit this vulnerability
Monitoring Recommendations
- Enable detailed logging for the OpenCode application and review for unauthorized command execution attempts
- Configure SIEM rules to alert on process chains where OpenCode spawns unexpected shell processes
- Monitor for anomalous localhost HTTP traffic patterns that may indicate exploitation attempts
- Implement file integrity monitoring on systems running OpenCode to detect unauthorized changes
How to Mitigate CVE-2026-22812
Immediate Actions Required
- Upgrade OpenCode to version 1.0.216 or later immediately
- If upgrade is not immediately possible, disable or stop the OpenCode application until patching is complete
- Review system logs for any evidence of exploitation prior to patching
- Audit systems running OpenCode for unauthorized changes or suspicious activity
Patch Information
The vulnerability has been addressed in OpenCode version 1.0.216. Users should upgrade to this version or later to remediate the vulnerability. The fix implements proper authentication controls for the HTTP server functionality. For more information, refer to the GitHub Security Advisory.
Workarounds
- Block network access to the OpenCode HTTP server port using host-based firewall rules if upgrading is not immediately possible
- Restrict browser access to localhost services using browser security extensions or policies
- Run OpenCode in an isolated environment or container with limited network access and reduced privileges
- Implement network segmentation to limit the impact of potential exploitation
# Example: Block access to OpenCode server port using iptables (adjust port as needed)
# Identify the port OpenCode listens on and block external access
iptables -A INPUT -p tcp --dport <opencode_port> -j DROP
# Alternative: Use firewalld to restrict access
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="<opencode_port>" protocol="tcp" reject'
firewall-cmd --reload
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
