Intel

AIKIDO-2026-661702

openhands-sdk is vulnerable to Exposure of Sensitive Information

Exposure of Sensitive Information Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jul 2, 2026

45

Medium Risk

This Affects:

PYTHONopenhands-sdk
1.12.0 - 1.20.0
Fixed in 1.20.1
Are you affected? Scan for Free

TL;DR

The ACP agent stores environment variables and credentials in its acp_env field, which had no masking serializer. When the agent or conversation state is serialized to persisted storage, trajectory exports, or settings API responses, acp_env values are written in plaintext. An actor with access to that serialized output can read the stored credentials. The fix adds a field serializer that masks or encrypts acp_env values through the canonical serialize_secret helper.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and configure the ACP agent's acp_env field with sensitive credentials.

Background info

openhands-sdk is vulnerable to Exposure of Sensitive Information in versions 1.12.0 - 1.20.0.

How to fix this

Upgrade the openhands-sdk library to the patch version.