OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability (github.com/anomalyco)
		3 points by AlexAltea 57 days ago \| hide \| past \| favorite \| 2 comments

rvz 57 days ago [–]

Probably nothing.

AlexAltea 56 days ago | [–]

Probably nothing based on what? I have reproduced the finding locally...

Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact