{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-55743/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-17T15:40:47.796Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-55743","@id":"https://www.cve.org/CVERecord?id=CVE-2026-55743","description":"The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: (1) is_args_safe() blocks the find flags -exec and -ok but not the functionally identical -execdir and -okdir, which also execute an arbitrary command for each matched file; and (2) skip_env_assignments() strips leading i… [truncated; see the CVE record for the full description]"},"products":[{"@id":"cpe:2.3:a:tinyhumansai:openhuman:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:tinyhumansai:openhuman:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-17T15:40:47.796Z"}]}