Unauthenticated Remote Code Execution in OpenCode
Affected software: OpenCode (npm: opencode-ai)
TL;DR:
- Before v1.1.10, OpenCode automatically and silently started an unauthenticated web server which allowed connecting peers to execute arbitrary code.
- Before v1.0.216, any website could execute arbitrary code on your machine if OpenCode was running — no user interaction or configuration necessary.
- Since v1.1.10, the server is disabled by default, but when enabled (via flags or config) it remains completely unauthenticated.
Vulnerability Summary
OpenCode is an open-source AI coding assistant. Prior to v1.1.10, it automatically spawned an HTTP server (default port 4096+) on startup. Since v1.1.10, the server is disabled by default but can be enabled via command-line flags or configuration file. When running, the server exposes endpoints for:
- Executing arbitrary shell commands (POST /session/:id/shell)
- Creating interactive terminal sessions (POST /pty)
- Reading arbitrary files (GET /file/content)
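A local exposure check for the behaviour described above. This is an added example, not part of the advisory or of the OpenCode project: it assumes the server listens on 127.0.0.1 at port 4096 or a few ports above it, and it sends only a parameterless GET to the /file/content route named in the advisory, so nothing is read or executed; the verdict is based purely on whether the handler answers without credentials (the 400-means-unauthenticated rule is an assumption).

```python
import http.client
from typing import Callable, Dict, Iterable, Optional

HOST = "127.0.0.1"            # audit the local machine only
PROBE_PATH = "/file/content"  # read route from the advisory; GET with no query string,
                              # so the request cannot return a file, only a status


def classify(status: Optional[int]) -> str:
    """Turn the status of one unauthenticated request into an exposure verdict."""
    if status is None:
        return "closed"            # nothing accepted the TCP connection
    if status in (401, 403):
        return "auth-required"     # some access control sits in front of the handler
    if status == 404:
        return "unknown-service"   # a listener, but this route does not exist there
    # 2xx, or a 4xx such as 400 for the missing parameter, means the route handler
    # ran although no credentials were presented (assumption about server behaviour).
    return "unauthenticated"


def probe(port: int, timeout: float = 1.0) -> Optional[int]:
    """GET PROBE_PATH on localhost:port with no credentials; None if the port is closed."""
    conn = http.client.HTTPConnection(HOST, port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def audit(ports: Iterable[int],
          fetch: Callable[[int], Optional[int]] = probe) -> Dict[int, str]:
    """Verdict per port. `fetch` is injectable so the logic can be exercised offline."""
    return {port: classify(fetch(port)) for port in ports}


if __name__ == "__main__":
    # The advisory gives the default port as 4096+, so check a small range above it.
    for port, verdict in audit(range(4096, 4100)).items():
        print(f"{HOST}:{port}  {verdict}")
```

An "unauthenticated" verdict on a host where the server was deliberately enabled means every peer that can reach that port can use the shell and pty routes; on v1.1.10 and later the safe state is "closed".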