[thdxr]

hey maintainer here

we've done a poor job handling these security reports, usage has grown rapidly and we're overwhelmed with issues

we're meeting with some people this week to advise us on how to handle this better, get a bug bounty program funded and have some audits done

[Imustaskforhelp]

My original message was more positive but after more looking into context, I am a bit more pessimistic.

Now I must admit though that I am little concerned by the fact that the vulnerability reporters tried multiple times to contact you but till no avail. This is not a good look at all and I hope you can fix it asap as you mention

I respect dax from the days of SST framework but this is genuinely such a bad look especially when they Reported on 2025-11-17, and multiple "no responses" after repeated attempts to contact the maintainers...

Sure they reported the bug now but who knows what could have / might have even been happening as OpenCode was the most famous open source coding agent and surely more cybersec must have watched it, I can see a genuine possibility where something must have been used in the wild as well from my understanding from black hat adversaries

I think this means that we should probably run models in gvisor/proper sandboxing efforts.

Even right now, we don't know how many more such bugs might persist and can lead to even RCE.

Dax, This short attention would make every adversary look for even more bugs / RCE vulnerabilities right now as we speak so you only have a very finite time in my opinion. I hope things can be done as fast as possible now to make OpenCode more safer.

[thdxr]

the email they found was from a different repo and not monitored. this is ultimately our fault for not having a proper SECURITY.md on our main repository

the issue that was reported was fixed as soon as we heard about it - going through the process of learning about the CVE process, etc now and setting everything up correctly. we get 100s of issues reported to us daily across various mediums and we're figuring out how to manage this

i can't really say much beyond this is my own inexperience showing

[varenc]

Also consider putting a security.txt[0] file on your main domain, like here: https://opencode.ai/.well-known/security.txt

I also just want to sympathize with the difficulty of spotting the real reports from the noise. For a time I helped manage a bug bounty program, and 95% of issues were long reports with plausible titles that ended up saying something like "if an attacker can access the user's device, they can access the user's device". Finding the genuine ones requires a lot of time and constant effort. Though you get a feel for it with experience.

[0] https://en.wikipedia.org/wiki/Security.txt

edit: I agree with the original report that the CORS fix, while a huge improvement, is not sufficient since it doesn't protect from things like malicious code running locally or on the network.

edit2: Looks like you've already rolled out a password! Kudos.

[rando77]

I've been thinking about using LLMs to help triage security vulnerabilities.

If done in an auditably unlogged environment (with a limited output to the company, just saying escalate) it might also encourage people to share vulns they are worried about putting online.

Does that make sense from your experience?

[1] https://github.com/eb4890/echoresponse/blob/main/design.md

[varenc]

I definitely think it's a viable idea! Someone like Hackerone or Bugcrowd would be especially well poised to build this since they can look at historical reports, see which ones ended up being investigated or getting bounties, and use the to validate or inform the LLM system.

The 2nd order effects of this, when reporters expect an LLM to be validating their report, may get tricky. But ultimately if it's only passing a "likely warrants investigation" signal and has very few false negatives, it sounds useful.

With trust and security though, I still feel like some human needs to be ultimately responsible for closing each bad report as "invalid" and never purely relying on the LLM. But it sounds useful for elevating valid high severity reports and assisting the human ultimately responsible.

Though it does feels like a hard product to build from scratch, but easy for existing bug bounty systems to add.

[KolenCh]

I learnt this the hard way: if anyone is sending multiple emails, with seemingly very important titles and messages, and they get no reply at all, the receiver likely haven’t received your email rather than completely ghosting you. Everyone should know this, and at least try a different channel of communication before further actions, especially from those disclosing vulnerability.

[Imustaskforhelp]

Thanks for providing additional context. I appreciate the fact that you are admitting fault where it is and that's okay because its human to make errors and I have full faith from your response that OpenCode will learn from its errors.

I might try OpenCode now once its get patched or after seeing the community for a while. Wishing the best of luck for a more secure future of opencode!

[BoredPositron]

Fixed? You just change it to be off by default giving the security burden to your users. It's not fixed it's buried with minimal mitigation and you give no indication to your users that it will make your machine vulnerable if activated. Shady.

[naowal]

Actually as of v1.1.15 it is fixed: https://github.com/anomalyco/opencode/releases/tag/v1.1.15

[euazOn]

I am also baffled at how long this vulnerability was left open, but I’m glad you’re at least making changes to hopefully avoid such mistakes in the future.

Just a thought, have you tried any way to triage these reported issues via LLMs, or constantly running an LLM to check the codebase for gaping security holes? Would that be in any way useful?

Anyway, thanks for your work on opencode and good luck.

[jannniii]

They are a small team and tool has gotten wildly popular. Which is not to say that slowing down and addressing quality and security issues would not be a bad idea.

I’ve been an active user of opencode for 7-8 months now, really like the tool, but beginning to get a feeling that the core team’s idea of keeping the core development to themselves is not going to scale any longer.

Really loving opencode though!

[Rygian]

Don't waste your time and money on funding bug bounties or "getting audits done". Your staff will add another big security flaw just the next day, back to square one.

Spend that money in reorganizing your management and training your staff so that everyone in your company is onboard with https://owasp.org/Top10/2025/A06_2025-Insecure_Design/ .

[staticassertion]

If part of the problem was that no one was responding to a vulnerability report then a bug bounty program would potentially address that.

[liveoneggs]

you just get spammed with the same three fake reports over and over

[staticassertion]

Triage is something that these services provide, exactly to deal with that.

[liveoneggs]

good try :)

[bopbopbop7]

Why not just ask Claude to fix the security issues and make sure they don't happen again?

[Hamuko]

And if you don't have a Claude subscription, you can just ask your friends to fix them via the remote code execution server.

[reactordev]

There goes my discord side hustle, offering Claude code through your OpenCode.

[Y_Y]

Talk about kicking someone while they're down...

[lostmsu]

I imagine Claude would be able to at least fix this one.

[0x500x79]

I imagine Claude helped write this one.

[croes]

Who knows what created the issues in the first place place

[digdugdirk]

I've been curious how this project will grow over time, it seems to have taken the lead as the first open source terminal agent framework/runner, and definitely seems to be growing faster than any organization would/could/should be able to manage.

It really seems like the main focus of the project should be in how to organize the work of the project, rather than on the specs/requirements/development of the codebase itself.

What are the general recommendations the team has been getting for how to manage the development velocity? And have you looked into various anarchist organizational principles?

[observationist]

Good luck, and thank you for eating the accountability sandwich and being up front about what you're doing. That's not always easy to do, and it's appreciated!

[heliumtera]

Congrats on owning this, good job, respect

[shimman]

It's hard to not own it when it's publicly disclosed. Maybe save the accolades for when they actually do something and not just say something.

[cryptonector]

For one thing spend a lot more time analyzing your code for these bugs. Use expert humans + LLMs to come up with an analysis plan then use humans + LLMs to execute the plan.

[dionian]

I don't know much about your product, but I have to say that hearing this kind of blunt communication is really refreshing

[rtaylorgarlock]

Respect for openness. Good work and good luck.

[Rygian]

I don't understand what is being encouraged here.

Something is seriously wrong when we say "hey, respect!" to a company who develops an unauthenticated RCE feature that should glaringly shine [0] during any internal security analysis, on software that they are licensing in exchange for money [1], and then fumble and drop the ball on security reports when someone does their due diligence for them.

If this company wants to earn any respect, they need at least to publish their post-mortem about how their software development practices allowed such a serious issue to reach shipping.

This should come as a given, especially seeing that this company already works on software related to security (OpenAuth [2]).

[0] https://owasp.org/Top10/2025/ - https://owasp.org/Top10/2025/A06_2025-Insecure_Design/ - https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/ - https://owasp.org/Top10/2025/A05_2025-Injection/

[1] https://opencode.ai/enterprise

[2] https://anoma.ly/

[Cornbilly]

I’ve noticed this a lot with startup culture.

It’s like an unwritten rule to only praise each other because to give honest criticism invites people to do the same to you and too much criticism will halt the gravy train.

[rtaylorgarlock]

I've struggled a bit on this: LinkedIn's positivity echo chamber vs. the negativity-rewarding dunk culture here. No greater power exists on HN than critical thinking using techno-logic in a negative direction, revenue and growth be damned.

Opencode don't have to maintain Zen for so cheaply. I don't have to say anything positive nor encouraging, just like I don't have to sh!t on youtuber 'maintainers' to promise incredible open source efforts which do more to prove they should stick to videos rather than dev. Idk. Not exactly encouraging me to comment at effing all if any positivity or encouragement is responded with the usual "hm idk coach better check yoself" ya honestly I think i know exactly what to do

[GoblinSlayer]

Honestly RCE here is in the browser. Why the browser executes any code in sight and this code can do anything?

[Rygian]

It's called "the world wide web" and it works on the principle that a webpage served by computer A can contain links that point to other pages served by computer B.

Whether that principle should have been sustained in the special case of "B = localhost" is a valid question. I think the consensus from the past 40 years has been "yes", probably based on the amount of unknown failure possibilities if the default was reversed to "no".

[GoblinSlayer]

owasp A01 addresses this: Violation of the principle of least privilege, commonly known as deny by default, where access should only be granted for particular capabilities, roles, or users, but is available to anyone.

Indeed, deny by default policy results in unknown failure possibilities, it's inherent to safety.

[pixl97]

>Violation of the principle of least privilege

I completely agree with this, programs are too open most of the time.

But, this also brings up a conundrum...

Programs that are wide open and insecure typically are very forgiving of user misconfigurations and misunderstandings, so they are the ones that end up widely adopted. Whereas a secure by default application takes much more knowledge to use in most cases, even though they protect the end user better, see less distribution unless forced by some other mechanism such as compliance.

[falloutx]

Its okay, if you can fix it soon, it should be fine.