Hacker News new | ask | show | jobs
OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability (github.com)
3 points by AlexAltea 159 days ago
1 comments
rvz 159 days ago
Probably nothing.
link
AlexAltea 158 days ago
Probably nothing based on what? I have reproduced the finding locally...

Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.

link