
AIKIDO-2026-10539

openhands-agent-server is vulnerable to Information exposure

Information exposure Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Apr 24, 2026

45

Medium Risk

This Affects:

Python: openhands-agent-server
1.0.0 - 1.18.0
Fixed in 1.18.1

TL;DR

The agent server WebSocket stack in openhands/agent_server/sockets.py authenticates clients using session_api_key taken from the query string and from the X-Session-API-Key header after the HTTP upgrade. Browsers and many clients place the session key in the request URL, which is commonly written to access logs, load balancer logs, and error traces, so the secret can be recovered by anyone who can read those logs. The fix adds first-message authentication: after accept(), the server reads a first WebSocket text frame whose JSON includes type and session_api_key, so the secret travels in the frame body instead of the URL. The older query-string and header path remains for compatibility and logs a warning; new clients should use the first-frame flow.
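The following is an added illustration of the pattern the advisory describes, not code from openhands-agent-server: a first-frame authenticator beside the legacy query-string/header path (which logs a warning when the key arrives in the URL), plus a helper that redacts the key from a URL before it is written to an access log. The frame type string, the function names, and the sample key are assumptions made for this example.

```python
"""First-frame WebSocket authentication next to the legacy query/header path.

Added example for the advisory above; not the openhands-agent-server code.
FIRST_FRAME_TYPE, the function names and the sample key are assumptions.
"""
import hmac
import json
import logging
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

log = logging.getLogger("agent_server.sockets")

# Hypothetical value: the advisory only says the first frame carries "type"
# and "session_api_key"; the real type string is not given on this page.
FIRST_FRAME_TYPE = "session_auth"
SESSION_PARAM = "session_api_key"
SESSION_HEADER = "x-session-api-key"


def _keys_match(candidate, expected):
    # Constant-time comparison so a wrong key does not leak how many bytes matched.
    if not isinstance(candidate, str):
        return False
    return hmac.compare_digest(candidate.encode("utf-8"), expected.encode("utf-8"))


def auth_from_first_frame(frame_text, expected_key):
    """Validate the first text frame: a JSON object with type and session_api_key."""
    try:
        msg = json.loads(frame_text)
    except (TypeError, ValueError):
        return False
    if not isinstance(msg, dict) or msg.get("type") != FIRST_FRAME_TYPE:
        return False
    return _keys_match(msg.get("session_api_key"), expected_key)


def auth_from_legacy(url, headers, expected_key):
    """Compatibility path: key from ?session_api_key=... or X-Session-API-Key.

    Returns "query" or "header" for the source that matched, or None.
    A query-string match is logged as a warning because the URL is what
    access logs, load balancer logs and error traces usually record.
    """
    for key in parse_qs(urlsplit(url).query).get(SESSION_PARAM, []):
        if _keys_match(key, expected_key):
            log.warning("session_api_key supplied in URL; switch to first-frame auth")
            return "query"
    lowered = {name.lower(): value for name, value in headers.items()}
    if _keys_match(lowered.get(SESSION_HEADER), expected_key):
        return "header"
    return None


def redact_url(url):
    """Replace the session key value in a URL before it reaches a log line."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    if SESSION_PARAM in params:
        params[SESSION_PARAM] = ["REDACTED"]
    return urlunsplit(parts._replace(query=urlencode(params, doseq=True)))


def authenticate(url, headers, first_frame, expected_key):
    """Decide how a freshly accepted connection authenticated.

    Returns "first_frame", "query", "header", or None (caller closes the socket).
    A server would call this right after accept(), once the first text frame
    has been read; the frame body is preferred over anything in the URL.
    """
    if auth_from_first_frame(first_frame, expected_key):
        return "first_frame"
    return auth_from_legacy(url, headers, expected_key)


if __name__ == "__main__":
    # Constructed sample connection: key only in the first frame, not in the URL.
    key = "s3cret-constructed"
    frame = json.dumps({"type": FIRST_FRAME_TYPE, "session_api_key": key})
    print(authenticate("ws://agent.local/sockets/events", {}, frame, key))
    print(redact_url("ws://agent.local/sockets/events?session_api_key=" + key))
```

Two details matter in practice: the comparison uses hmac.compare_digest rather than `==`, and the legacy path still works but marks every query-string login in the server log, which gives operators a way to find clients that have not yet moved to the first-frame flow.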

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

openhands-agent-server is vulnerable to Information exposure in versions 1.0.0 - 1.18.0.

How to fix this

Upgrade the openhands-agent-server library to the patched version, 1.18.1 or later.