Unauthenticated remote code execution in OpenCode
CyberShadow Sunday, January 11, 2026Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.
Summary
The article discusses a critical vulnerability in the OpenCode platform that allows remote code execution (RCE) attacks. It provides technical details on the vulnerability, its impact, and steps to mitigate the issue.
227
64
Summary
cy.md