DNGriffin/opencode-rce

OpenCode Security Vulnerability Demo

This proof-of-concept demonstrates a critical security vulnerability in OpenCode's server architecture.

The Vulnerability

OpenCode's local server has two critical security issues:

  1. Open CORS Policy: Uses cors() with default settings, allowing Access-Control-Allow-Origin: *
  2. No Authentication: All API endpoints are accessible without any authentication

This means any website you visit can:

  • Execute shell commands on your machine
  • Read files from your filesystem
  • Manipulate AI agents
  • Exfiltrate sensitive data

Running the Demo

Prerequisites

  1. OpenCode must be installed and running. Any of these are vulnerable:

    # Production binary (installed via npm/bun)
    opencode serve
    
    # Or just running opencode (TUI also starts the server)
    opencode
    
    # Or development mode
    cd /path/to/opencode
    bun run dev

    Note: The vulnerability exists in BOTH development AND production builds. The same cors() middleware with default settings (allowing all origins) is compiled into the production binary.

  2. Python 3 for the demo server (or any HTTP server)

Start the Demo

    cd opencode-vuln-demo
    python3 serve.py

Then open http://localhost:8080 in your browser.

Alternative: Using any HTTP server

    # Using Node.js
    npx serve .

    # Using PHP
    php -S localhost:8080

Attack Vectors Demonstrated

| Attack | API Endpoint | Risk Level |
|---|---|---|
| Server Info Leak | GET /global/health, GET /path | Medium |
| Session Enumeration | GET /session | Medium |
| File Reading | GET /file/content?path=... | Critical |
| Directory Listing | GET /file?path=... | High |
| Config Extraction | GET /config | Critical |
| PTY Shell Creation | POST /pty | Critical |
| Shell Command Exec | WebSocket /pty/:id/connect | Critical |
| AI Agent Manipulation | POST /session/:id/message | Critical |
| Permission Bypass | POST /session/:id/permissions/:id | Critical |

Why This Works

Even though OpenCode binds to 127.0.0.1 (localhost), browsers allow JavaScript from any origin to make requests to localhost. The open CORS policy (Access-Control-Allow-Origin: *) explicitly permits these cross-origin requests.

Mitigation Recommendations

  1. Token-based authentication for all API endpoints
  2. Strict CORS policy - only allow requests from trusted origins
  3. Origin header validation - reject requests from web pages
  4. Rate limiting on sensitive endpoints
  5. Permission system for API access - not just for tool execution
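
One way to combine mitigations 1 to 3 into a single check that runs before any handler, as an added example that is not code from this repository or from OpenCode. The function names, the trusted origin `http://localhost:3000` and the bearer-token scheme are assumptions for illustration.

```javascript
// Added example (hypothetical names): decide whether a request to a
// localhost-only API may proceed, before any handler runs.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]); // assumption: the one trusted UI origin

// Compare two strings without an early exit, so timing does not reveal
// how many leading characters of the token matched.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// req: { method, headers } with lower-cased header names (as Node's http module provides).
// Returns { status, reason, headers }; status 200 means "pass to the handler".
function gate(req, expectedToken) {
  const origin = req.headers["origin"];

  // Origin validation: browsers attach Origin to cross-origin fetches and to
  // WebSocket handshakes. CORS does not cover WebSockets and does not stop
  // "simple" requests from being sent, so refuse here instead of relying on it.
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, reason: "origin not allowed", headers: {} };
  }

  // Strict CORS: echo only an allow-listed origin, never "*".
  const cors = origin ? { "Access-Control-Allow-Origin": origin, "Vary": "Origin" } : {};

  // Preflight requests carry no credentials; answer them for trusted origins only.
  if (req.method === "OPTIONS") {
    cors["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    return { status: 204, reason: "preflight", headers: cors };
  }

  // Token authentication on every endpoint, including non-browser clients.
  const auth = req.headers["authorization"] || "";
  const presented = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  if (!presented || !constantTimeEqual(presented, expectedToken)) {
    return { status: 401, reason: "missing or invalid token", headers: cors };
  }
  return { status: 200, reason: "ok", headers: cors };
}
```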

Responsible Disclosure

This demo is for educational and security research purposes only. Please report security vulnerabilities to the OpenCode maintainers responsibly.

Files

  • index.html - Main demo interface
  • serve.py - Simple Python HTTP server
  • README.md - This file

About

POC to show opencode RCE vulnerability
