CVE-2026-33718CRITICAL 9.9EPSS p76.9%

CVE-2026-33718CVE-2026-33718

Description

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue.

Scoring

CVSS 3.19.9 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS1.89% probability of exploitation · percentile 76.9% · 2026-06-19T12:03:05Z
Published2026-03-27
Last modified2026-04-10

Underlying weaknesses· 1

CWE-78

References

  1. https://docs.python.org/3/library/shlex.html#shlex.quote
  2. https://docs.python.org/3/library/subprocess.html#security-considerations
  3. https://github.com/OpenHands/OpenHands/pull/13051
  4. https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw
  5. https://owasp.org/www-community/attacks/Command_Injection

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22812
CVE
CVE-2026-24763
CVE
CVE-2026-21518
CVE
CVE-2026-26323
CVE
CVE-2026-25593
CVE
CVE-2026-21256
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.