Share
## https://sploitus.com/exploit?id=9E2B7C8E-AEB4-5E6D-9122-04BF16F9BE5B
# CVE-2026-22812

## Overview
A Python exploitation tool for OpenCode Remote Code Execution (RCE) vulnerability affecting versions                    Execute shell command
help                       Show help menu
exit                       Exit shell
session                    Show session ID
stats                      Show exploitation statistics
read                 Read file content
download    Download file
upload      Upload file
sysinfo                    Get system information
```

## Vulnerability Details
- **CVE ID**: CVE-2026-22812 / CVE-2026-22182
- **Product**: OpenCode
- **Affected Versions**: < v1.0.216
- **Vulnerability Type**: Remote Code Execution
- **Attack Vector**: Network
- **Authentication**: Not required

## Technical Details
The vulnerability exists in the session management endpoint (`/session`) which allows unauthenticated users to create sessions and execute arbitrary commands through the `/session/{id}/shell` endpoint.

### Endpoints Exploited:
1. `POST /session` - Create session
2. `POST /session/{id}/shell` - Execute commands
3. `GET /file/content` - Read files

## Mitigation
1. Upgrade to OpenCode version โ‰ฅ v1.0.216
2. Implement proper authentication and authorization
3. Restrict network access to OpenCode instances
4. Implement input validation and sanitization
5. Use Web Application Firewall (WAF)

## Code Structure
```
CVE-2026-22812.py
โ”œโ”€โ”€ Colors class (ANSI color codes)
โ”œโ”€โ”€ print_banner() (Display banner)
โ”œโ”€โ”€ Exploit class (Main exploit logic)
โ”‚   โ”œโ”€โ”€ __init__() (Initialization)
โ”‚   โ”œโ”€โ”€ check_vuln() (Vulnerability check)
โ”‚   โ”œโ”€โ”€ create_session() (Create session)
โ”‚   โ”œโ”€โ”€ exec_cmd() (Execute command)
โ”‚   โ”œโ”€โ”€ read_file() (Read file)
โ”‚   โ”œโ”€โ”€ write_file() (Write file)
โ”‚   โ”œโ”€โ”€ upload() (Upload file)
โ”‚   โ”œโ”€โ”€ download() (Download file)
โ”‚   โ”œโ”€โ”€ get_info() (System info)
โ”‚   โ”œโ”€โ”€ shell() (Interactive shell)
โ”‚   โ””โ”€โ”€ Helper methods
โ””โ”€โ”€ main() (Argument parsing)
```

## License
This tool is released for educational purposes only. Use at your own risk.

## Author
- **GitHub**: [0xgh057r3c0n](https://github.com/0xgh057r3c0n)
- **Tool**: CVE-2026-22812 Exploitation Tool

## Contributing
1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Create a Pull Request

## Acknowledgments
- Security researchers who discovered the vulnerability
- Open source community
- All contributors and testers

## References
- [OpenCode Security Advisory](https://example.com/advisory)
- [CVE Database](https://cve.mitre.org/)
- [NVD Entry](https://nvd.nist.gov/)

## Support
For issues and questions, please:
1. Check existing GitHub issues
2. Create a new issue with detailed description
3. Include target URL (if possible) and error messages

## Version History
- v1.0.0 (2024-01-20): Initial release
  - Vulnerability detection
  - Command execution
  - File operations
  - Interactive shell
  - Proxy support