Vulnerability Database

317,577

Total vulnerabilities in the database

CVE-2026-22812

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Published: Jan 12, 2026
Updated: Jan 14, 2026
CVE: CVE-2026-22812
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-306
CWE-749
CWE-942

Affected Software
References

No affected software listed.

https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo