CVE-2026-6729
| Summary |
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse another user's conversation state and replace or interrupt their active tasks by colliding into the same session boundary through the shared chat or thread scope.
|
| Publication Date |
April 21, 2026, 7:16 a.m. |
| Registration Date |
April 25, 2026, 4:02 a.m. |
| Last Update |
April 22, 2026, 3:16 a.m. |
|
CVSS3.1 : MEDIUM
|
| スコア |
6.3
|
| Vector |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 攻撃元区分(AV) |
ネットワーク |
| 攻撃条件の複雑さ(AC) |
低 |
| 攻撃に必要な特権レベル(PR) |
低 |
| 利用者の関与(UI) |
不要 |
| 影響の想定範囲(S) |
変更なし |
| 機密性への影響(C) |
低 |
| 完全性への影響(I) |
低 |
| 可用性への影響(A) |
低 |
Related information, measures and tools
Common Vulnerabilities List