Share
## https://sploitus.com/exploit?id=9E2B7C8E-AEB4-5E6D-9122-04BF16F9BE5B
# CVE-2026-22812
## Overview
A Python exploitation tool for OpenCode Remote Code Execution (RCE) vulnerability affecting versions Execute shell command
help Show help menu
exit Exit shell
session Show session ID
stats Show exploitation statistics
read Read file content
download Download file
upload Upload file
sysinfo Get system information
```
## Vulnerability Details
- **CVE ID**: CVE-2026-22812 / CVE-2026-22182
- **Product**: OpenCode
- **Affected Versions**: < v1.0.216
- **Vulnerability Type**: Remote Code Execution
- **Attack Vector**: Network
- **Authentication**: Not required
## Technical Details
The vulnerability exists in the session management endpoint (`/session`) which allows unauthenticated users to create sessions and execute arbitrary commands through the `/session/{id}/shell` endpoint.
### Endpoints Exploited:
1. `POST /session` - Create session
2. `POST /session/{id}/shell` - Execute commands
3. `GET /file/content` - Read files
## Mitigation
1. Upgrade to OpenCode version โฅ v1.0.216
2. Implement proper authentication and authorization
3. Restrict network access to OpenCode instances
4. Implement input validation and sanitization
5. Use Web Application Firewall (WAF)
## Code Structure
```
CVE-2026-22812.py
โโโ Colors class (ANSI color codes)
โโโ print_banner() (Display banner)
โโโ Exploit class (Main exploit logic)
โ โโโ __init__() (Initialization)
โ โโโ check_vuln() (Vulnerability check)
โ โโโ create_session() (Create session)
โ โโโ exec_cmd() (Execute command)
โ โโโ read_file() (Read file)
โ โโโ write_file() (Write file)
โ โโโ upload() (Upload file)
โ โโโ download() (Download file)
โ โโโ get_info() (System info)
โ โโโ shell() (Interactive shell)
โ โโโ Helper methods
โโโ main() (Argument parsing)
```
## License
This tool is released for educational purposes only. Use at your own risk.
## Author
- **GitHub**: [0xgh057r3c0n](https://github.com/0xgh057r3c0n)
- **Tool**: CVE-2026-22812 Exploitation Tool
## Contributing
1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Create a Pull Request
## Acknowledgments
- Security researchers who discovered the vulnerability
- Open source community
- All contributors and testers
## References
- [OpenCode Security Advisory](https://example.com/advisory)
- [CVE Database](https://cve.mitre.org/)
- [NVD Entry](https://nvd.nist.gov/)
## Support
For issues and questions, please:
1. Check existing GitHub issues
2. Create a new issue with detailed description
3. Include target URL (if possible) and error messages
## Version History
- v1.0.0 (2024-01-20): Initial release
- Vulnerability detection
- Command execution
- File operations
- Interactive shell
- Proxy support