{"data":{"id":"32e86674-b0f0-4eb3-b165-ec147be2353c","title":"CVE-2026-33718: OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in ","summary":"OpenHands, a software tool for AI-driven development, has a command injection vulnerability (a security flaw where untrusted input is directly executed as commands) in versions 1.5.0 and later. The vulnerability exists in the git handling code, where user input is passed directly to shell commands without filtering, allowing authenticated attackers to run arbitrary commands in the agent's sandbox environment, bypassing the normal oversight channels.","solution":"Update to version 1.5.0, which fixes the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33718","publishedAt":"2026-03-27T01:16:19.483Z","cveId":"CVE-2026-33718","cweIds":["CWE-78"],"cvssScore":"7.6","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenHands"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-27T01:16:19.483Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}