OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability

3 points by AlexAltea 130 days ago | 2 comments

rvz 130 days ago |

Probably nothing.

AlexAltea 129 days ago | |

Probably nothing based on what? I have reproduced the finding locally...

Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.

rvz 130 days ago |

Probably nothing.

AlexAltea 129 days ago | |

Probably nothing based on what? I have reproduced the finding locally...

Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.