Intel

AIKIDO-2026-752802

openhands-sdk is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Sensitive Information to an Unauthorized Actor Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jun 24, 2026

59

Medium Risk

This Affects:

PYTHONopenhands-sdk
1.0.0 - 1.28.1
Fixed in 1.29.0
Are you affected? Scan for Free

TL;DR

The SDK handles git, plugin, and extension source URLs that can embed credentials such as https://user:token@host. Before the fix these credentials are written verbatim into error logs, stored on the command and stderr fields of GitCommandError, and serialized into persisted state including Skill.mcp_tools. An actor able to read logs, exception output, or persisted conversation/installation state can recover the embedded tokens. The fix routes these values through a central URL-credential redactor and masks secrets at the logging and serialization boundaries.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and you supply git, plugin, or extension source URLs that embed credentials such as https://user:token@host.

Background info

openhands-sdk is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 1.0.0 - 1.28.1.

How to fix this

Upgrade the openhands-sdk library to the patch version.