OpenCode, Open Season: Unauthenticated RCE via Localhost
Jan 14, 2026 · 6 min read
Executive Summary (TL;DR)
OpenCode versions < 1.0.216 automatically start a local HTTP server on port 4096. Because that server requires no authentication and answers with a wildcard CORS policy, any website you visit can send requests to `localhost:4096` that spin up a shell and execute commands with your privileges. It is a zero-click, drive-by RCE.
OpenCode, a popular AI coding agent, inadvertently turned developer machines into public APIs. By launching an unauthenticated HTTP server with permissive CORS on localhost, the tool allowed any website visited by a developer to execute arbitrary shell commands. It is a classic case of convenience over security resulting in a critical Remote Code Execution (RCE) vulnerability.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| opencode (anomalyco) | < 1.0.216 | 1.0.216 |
| opencode (anomalyco) | < 1.1.10 | 1.1.10 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-942 (Permissive CORS) |
| Attack Vector | Network (Drive-by Web) |
| CVSS | 8.8 (High) |
| Impact | Remote Command Execution (RCE) |
| EPSS Score | 0.10% |
| Exploit Status | Functional PoC Available |
MITRE ATT&CK Mapping
Permissive Cross-domain Policy with Untrusted Domains