top | item 46539718 OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability 3 points| AlexAltea | 1 month ago |github.com 2 comments order hn newest rvz|1 month ago Probably nothing. AlexAltea|1 month ago Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
rvz|1 month ago Probably nothing. AlexAltea|1 month ago Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
AlexAltea|1 month ago Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
rvz|1 month ago
AlexAltea|1 month ago
Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.