All your OpenCodes belong to us

Summary

all your OpenCodes belong to us Jan 18, 2026 Recently, OpenCode, a very popular open source AI coding agent, was hit with a massive CVE which allowed for arbitrary remote code execution (RCE). If you’re unfamiliar with cyber-security, penetration testing, red-teaming, or the murky world of building secure software, a RCE vulnerability is the type of thing that nation state actors in Russia and North Korea dream of. In theory, it allows an attacker to execute any code on a system they’ve gained access to, effectively pwning the entire system and allowing them to install backdoors, crypto miners, or do whatever else they want. When I worked on Bottlerocket, a Linux based operating system purpose built for securely running container workloads, we took even the whisper of an RCE extremely seriously. I remember working a few long nights in order to fix a possible RCE attack we were exposed to by openssl. The way this attack worked was through a specially crafted email address in an X.509 cert from a client. This could in theory cause a buffer overflow which could allow for an attacker to execute remote code injected in the cert (which would have been loaded into memory). This would require a meticulously crafted X.509 cert with the specially crafted email address and perfect buffer overflow into the malicious code within the cert. Not easy by any means! At the time, the main attack surface area was not actually Bottlerocket itself but in the Bottlerocket-update-operator which is a Kubernetes operator for upgrading on-cluster Bottlerocket nodes to the latest version as we rolled releases. The operator had a server which would connect to node daemons in order to initiate an upgrade: this server / client connection on the cluster would be secured through mTLS with certs verified by the server and client via openssl. In short, this is exactly where an attacker would have to inject a malicious X.509 cert. Already having gained access to the cluster and the internal Kubernetes...