CVE-2026-56696
MediumCVSS 5.4Summary
The /issue and /pr_comments slash commands in OpenHarness lack remote_invocable=False protection, allowing remote senders to inject attacker-controlled Markdown into project context files.
Risk Assessment
Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which can persistently influence local agent behavior.
Recommendation
It is recommended to implement appropriate safeguards to prevent remote users from injecting content into project context files.
Original NVD description (English source)
OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which are subsequently injected into runtime system prompts, persistently influencing local agent behavior.

