Unauthenticated remote code execution in OpenCode

https://news.ycombinator.com/rss Hits: 8
Summary

Affected software: OpenCode (npm: opencode-ai)

TL;DR: Before v1.1.10, OpenCode automatically and silently started an unauthenticated web server which allowed connecting peers to execute arbitrary code. Before v1.0.216, any website could execute arbitrary code on your machine if OpenCode was running, with no user interaction or configuration necessary. Since v1.1.10, the server is disabled by default, but when enabled (via flags or config) it remains completely unauthenticated.

Vulnerability Summary

OpenCode is an open-source AI coding assistant. Prior to v1.1.10, it automatically spawned an HTTP server (default port 4096+) on startup. Since v1.1.10, the server is disabled by default but can be enabled via command-line flags or a configuration file. When running, the server exposes endpoints for:

  Executing arbitrary shell commands (POST /session/:id/shell)
  Creating interactive terminal sessions (POST /pty)
  Reading arbitrary files (GET /file/content)

This server has no authentication. Any client that can connect to it gains full code execution with the privileges of the user running OpenCode. When the server is running, there is no visible indication to the user.

Note: The CORS policy hardcodes *.opencode.ai as an allowed origin, so any page served from opencode.ai or one of its subdomains can access the server API while it is running. If opencode.ai were ever compromised, or an XSS vulnerability found on any subdomain, attackers could exploit every user who has the server enabled.
Attack Vectors

Attack vector                                                            Affected versions   Status                 Vendor advisory
Any website can execute code on any OpenCode user's machine              < 1.0.216           Fixed in v1.0.216      Silent fix
Any process on the local machine can execute code as the OpenCode user   < 1.1.10            Mitigated in v1.1.10   Silent fix
Any web page served from localhost/127.0.0.1 can execute code            < 1.1.10            Mitigated in v1.1.10   Silent fix
When server is enabled, any local process can execute code without ...
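Because the advisory says a running server gives the user no visible indication, the practical check is to look for it yourself. The script below is an added example written for this page, not code from the advisory or from the OpenCode project. It assumes only what the summary states: an HTTP listener on 127.0.0.1 at port 4096 or above that answers with Access-Control-Allow-Origin headers. The probed path "/", the upper port bound of 4105, and the foreign probe origin "https://attacker.example" are assumptions. It only reads status and CORS headers; it never calls the shell, pty or file endpoints.

```python
"""Audit localhost for an unauthenticated OpenCode-style HTTP server and
classify how its CORS policy treats a foreign origin.

Added example for this page, not part of the advisory or of OpenCode.
Assumptions: listener on 127.0.0.1, ports 4096..4105 (the advisory only says
"4096+"), plain HTTP on path "/", CORS expressed via Access-Control-Allow-Origin.
"""
import socket
from typing import Dict, List, Optional, Tuple

DEFAULT_PORTS = range(4096, 4106)          # "default port 4096+"; the ceiling is an assumption
PROBE_ORIGIN = "https://attacker.example"   # constructed foreign origin, not a real site


def parse_response_headers(raw: bytes) -> Dict[str, str]:
    """Parse the header block of a raw HTTP/1.x response into a lower-cased dict.

    The status line is stored under the reserved key "_status".
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1", errors="replace").split("\r\n")
    headers = {"_status": lines[0] if lines else ""}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify_cors(headers: Dict[str, str], origin: str) -> str:
    """Classify how the server's CORS response treats the given foreign origin.

    "reflects-any-origin": ACAO is "*" or echoes the probe origin, so any website
                           can read responses (the pre-v1.0.216 condition).
    "allow-listed":        ACAO names a different origin (e.g. an opencode.ai host),
                           so only pages from that origin can call the API.
    "no-cors":             no ACAO header; browsers block cross-origin reads, but
                           the API itself is still reachable without credentials.
    """
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return "no-cors"
    if acao == "*" or acao == origin:
        return "reflects-any-origin"
    return "allow-listed"


def probe_port(host: str, port: int, origin: str = PROBE_ORIGIN,
               timeout: float = 0.5) -> Optional[Dict[str, str]]:
    """Send a minimal GET / carrying a foreign Origin header.

    Returns the parsed response headers, or None if nothing accepts the connection.
    """
    request = (
        f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nOrigin: {origin}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(request)
            while b"\r\n\r\n" not in buf:
                try:
                    data = sock.recv(4096)
                except socket.timeout:
                    break          # listener accepted but stayed silent; keep what we have
                if not data:
                    break
                buf += data
    except OSError:
        return None                # connection refused, unreachable, or timed out on connect
    return parse_response_headers(buf)


def audit_localhost(ports=DEFAULT_PORTS, host: str = "127.0.0.1") -> List[Tuple[int, str, str]]:
    """Return (port, status line, CORS verdict) for every port that accepts a connection."""
    findings = []
    for port in ports:
        headers = probe_port(host, port)
        if headers is not None:
            findings.append((port, headers["_status"], classify_cors(headers, PROBE_ORIGIN)))
    return findings


if __name__ == "__main__":
    results = audit_localhost()
    if not results:
        print("no HTTP listener on 127.0.0.1 in the probed range")
    for port, status, verdict in results:
        print(f"127.0.0.1:{port}  {status!r}  CORS: {verdict}")
```

A hit on any port is itself the finding: the advisory's point is that the API is unauthenticated regardless of CORS, so "allow-listed" or "no-cors" only tells you whether arbitrary websites are additionally blocked by the browser, not that the server is safe from local processes.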

First seen: 2026-01-12 19:02

Last seen: 2026-01-13 02:03