AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-33718: OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in

highvulnerability

security

Source: NVD/CVE DatabaseMarch 26, 2026CVE-2026-33718

Summary

OpenHands, a software tool for AI-driven development, has a command injection vulnerability (a security flaw where untrusted input is directly executed as commands) in versions 1.5.0 and later. The vulnerability exists in the git handling code, where user input is passed directly to shell commands without filtering, allowing authenticated attackers to run arbitrary commands in the agent's sandbox environment, bypassing the normal oversight channels.

Solution / Mitigation

Update to version 1.5.0, which fixes the issue.

Vulnerability Details

CVSS Score

7.6(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

March 26, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-78

CAPEC (Attack Pattern)

CAPEC-88

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

high

GHSA-w3hv-x4fp-6h6j: @grackle-ai/server has Missing WebSocket Origin Header Validation

First tracked: March 27, 2026 at 02:07 AM

Classified by LLM (prompt v3) · confidence: 92%