Summary
OpenCode patched a critical XSS vulnerability (CVE-2026-22813) that allowed malicious websites to execute arbitrary commands on a user's local system by abusing the tool's internal API.
Take Action:
If you are using OpenCode, update to version 1.1.10 ASAP to disable the vulnerable web UI and API. Avoid clicking untrusted links, check the underlying URLs, and don't click any link that you haven't crafted yourself but that points to a port on your local machine.
This article was originally published on BeyondMachines