{"data":{"id":"75f48ec1-0106-45e7-a627-11cc1196f378","title":"CVE-2026-22813: OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into","summary":"OpenCode, an open source AI coding agent, has a vulnerability in its markdown renderer for LLM responses: the renderer inserts arbitrary HTML into the web interface without sanitization (removing or neutralizing dangerous markup). Because neither a sanitizer such as DOMPurify (a library that strips dangerous HTML) nor a CSP (Content Security Policy, browser-enforced rules that restrict which scripts can run) is in place, an attacker who controls what the AI outputs could execute JavaScript (code that runs in the browser) in the local web interface.","solution":"This vulnerability is fixed in version 1.1.10.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-22813","publishedAt":"2026-01-12T23:15:53.523Z","cveId":"CVE-2026-22813","cweIds":["CWE-79"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenCode"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00046,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}