{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T08:15:46.051","vulnerabilities":[{"cve":{"id":"CVE-2026-22812","sourceIdentifier":"security-advisories@github.com","published":"2026-01-12T23:15:53.370","lastModified":"2026-01-21T15:14:59.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216."},{"lang":"es","value":"OpenCode es un agente de codificación de IA de código abierto. Antes de la 1.0.216, OpenCode inicia automáticamente un servidor HTTP no autenticado que permite a cualquier proceso local (o a cualquier sitio web a través de CORS permisivo) ejecutar comandos de shell arbitrarios con los privilegios del usuario. Esta vulnerabilidad está corregida en la 1.0.216."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-749"},{"lang":"en","value":"CWE-942"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anoma:opencode:*:*:*:*:*:-:*:*","versionEndExcluding":"1.0.216","matchCriteriaId":"168EE682-3321-4383-8874-2C9D8B949A2F"}]}]}],"references":[{"url":"https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]},{"url":"https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory","Exploit"]}]}}]}