High severity · OSV Advisory · Published Jan 12, 2026 · Updated Jan 13, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
CVE-2026-22812
Description
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
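As an added illustration (this is not OpenCode's code and not the project's patch shown on this page), the TypeScript below contrasts the reflect-any-Origin CORS policy the description refers to with an explicit allow-list of the kind the fix introduces. The port number, the function names, and the decision to pin loopback origins to the server's own port are assumptions made for this example; the upstream fix accepts any localhost port.

```typescript
// Added example, not OpenCode's code: a CORS Origin allow-list for a local
// agent HTTP server. The port, the names and the "pin loopback to our own
// port" policy are assumptions made for this illustration.

// Port this local server listens on (constructed value for the example).
const SERVER_PORT = 4096;

// Pre-fix shape of the policy: whatever Origin a browser sends is echoed back
// as Access-Control-Allow-Origin, so any web page the user visits can call
// the local API from script.
function permissiveOrigin(input: string | undefined): string | undefined {
  return input;
}

// Parses an Origin header value; null when it is not a valid URL.
function parseOrigin(input: string): URL | null {
  try {
    return new URL(input);
  } catch {
    return null;
  }
}

// Hardened policy. Returns the canonical origin to allow it, undefined to
// deny it. The header is parsed rather than prefix-matched so that scheme,
// host and port are each checked explicitly.
function allowedOrigin(input: string | undefined, port: number = SERVER_PORT): string | undefined {
  if (!input) return undefined;
  const url = parseOrigin(input);
  if (!url) return undefined;
  // A real Origin header is a bare origin: no credentials, path, query or fragment.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    return undefined;
  }
  // Loopback origins are accepted only on this server's own port
  // (stricter than accepting any local port).
  const loopback = ["localhost", "127.0.0.1", "[::1]"];
  if (url.protocol === "http:" && loopback.indexOf(url.hostname) !== -1 && url.port === String(port)) {
    return url.origin;
  }
  // opencode.ai and its subdomains: https only, default port only. The
  // hostname is matched on a label boundary so "opencode.ai.example.net"
  // does not pass.
  if (url.protocol === "https:" && url.port === "" && /(^|\.)opencode\.ai$/.test(url.hostname)) {
    return url.origin;
  }
  return undefined;
}

// Turns the policy decision into the headers a server would set on the
// preflight or actual response; null means "send no CORS headers at all".
function corsHeaders(originHeader: string | undefined): Record<string, string> | null {
  const allowed = allowedOrigin(originHeader);
  if (!allowed) return null;
  return {
    "Access-Control-Allow-Origin": allowed,
    "Vary": "Origin",
  };
}

// Constructed Origin values a local server might see; prints the decision for each.
const samples: (string | undefined)[] = [
  "http://localhost:4096",
  "http://localhost:3000",
  "https://app.opencode.ai",
  "https://opencode.ai.example.net",
  undefined,
];
for (const s of samples) {
  console.log(String(s), "->", allowedOrigin(s) ?? "denied");
}
```

An origin check governs browser-initiated cross-origin requests only. A non-browser local process sends no Origin header and is not subject to CORS at all, which is why the description lists it as a separate vector and why authentication on the server, not CORS, is the control for that case.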
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| opencode-ai | npm | < 1.0.216 | 1.0.216 |
Patches (1)
- 7d2d87fa2c44: core: allow CORS requests from *.opencode.ai subdomains (1 file changed, +16 −1)
packages/opencode/src/server/server.ts+16 −1 modified@@ -104,7 +104,22 @@ export namespace Server { timer.stop() } }) - .use(cors()) + .use( + cors({ + origin(input) { + if (!input) return + + if (input.startsWith("http://localhost:")) return input + if (input.startsWith("http://127.0.0.1:")) return input + + // *.opencode.ai (https only, adjust if needed) + if (/^https:\/\/([a-z0-9-]+\.)*opencode\.ai$/.test(input)) { + return input + } + return + }, + }), + ) .get( "/global/health", describeRoute({
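Review bot: the `origin(input)` callback accepts any value starting with `http://localhost:` or `http://127.0.0.1:` regardless of port, so a page served by any other local development server remains an allowed origin; consider parsing the Origin and comparing it against this server's own scheme, host and port rather than a string prefix. The `// *.opencode.ai (https only, adjust if needed)` comment should also say what "adjust" means in practice, and the commit would benefit from stating that this change only narrows the browser CORS policy and adds no authentication, since the advisory description names a second vector (any local process) that CORS does not govern.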
References (4)
- github.com/advisories/GHSA-vxw4-wv6m-9hhh (advisory, via GHSA)
- nvd.nist.gov/vuln/detail/CVE-2026-22812 (advisory, via GHSA)
- github.com/anomalyco/opencode/commit/7d2d87fa2c44e32314015980bb4e59a9386e858c (fix commit, via GHSA)
- github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh (vendor advisory, x_refsource_CONFIRM, via GHSA)
News mentions (1)
- Exploits and vulnerabilities in Q1 2026 (Securelist, May 7, 2026)