Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical1
High1
Medium0
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-01-21

CVE-2026-22813 - Opencode Plugin

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response for a chat session gets JavaScript execution on the http://localhost:4096 origin. This vulnerability is fixed in 1.1.10.

PLUGIN Opencode

CVE-2026-22813

CRITICAL CVSS 9.4 2026-01-12
Open Full Technical Breakdown
Threat Entry Updated 2026-01-21

CVE-2026-22812 - Opencode Plugin

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

PLUGIN Opencode

CVE-2026-22812

HIGH CVSS 8.8 2026-01-12
Open Full Technical Breakdown
Scroll to top