openhands-agent-server is vulnerable to Authentication Bypass
65
Medium Risk
The agent server attaches its session API key auth dependencies to the /api/*, OpenAI-compatible, and workspace static routes only when config.session_api_keys is already populated at route-registration time. In deferred-init (warm-pool) deployments the server boots dormant with no session keys and receives them later via POST /api/init, so the key check is never attached to those routes. After POST /api/init lifts the dormant gate, the API serves conversation, file, and command endpoints without enforcing any session API key, exposing them to unauthenticated callers that can reach the pod. The fix replaces the route-time factory dependencies with dependencies that read the current config from request.app.state at request time so keys delivered via /api/init are enforced immediately.
You are affected if you are using a version that falls within the vulnerable range and the agent server is deployed in deferred-init (warm-pool) mode where session API keys are delivered at runtime via POST /api/init.
openhands-agent-server is vulnerable to Authentication Bypass in versions 1.29.0 - 1.29.0.
Upgrade the openhands-agent-server library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant