Intel

AIKIDO-2026-33855

openhands-sdk is vulnerable to Exposure of Sensitive Information

Exposure of Sensitive Information Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 2 days ago

38

Low Risk

This Affects:

PYTHONopenhands-sdk
1.10.0 - 1.29.3
Fixed in 1.30.0
Are you affected? Scan for Free

TL;DR

The SDK serializes a plugin's source field verbatim through PluginSource, so inline credentials embedded in a plugin or extension source URL (for example https://oauth2:TOKEN@host/repo.git) are written into persisted conversation state (meta.json), the auto-generated plugins tag, the remote conversation create payload, and ordinary model dumps. Any actor able to read that persisted metadata, the tags, or the serialized output can recover the embedded credentials. The fix adds a field_serializer on the plugin source and applies redact_url_credentials(..., preserve_placeholders=True) at the serialization boundary, masking real inline credentials while preserving ${VAR} references and keeping the raw value in memory for clone and update operations.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and configure plugin or extension sources with credentials embedded inline in the source URL.

Background info

openhands-sdk is vulnerable to Exposure of Sensitive Information in versions 1.10.0 - 1.29.3.

How to fix this

Upgrade the openhands-sdk library to the patch version.