CVE-2026-22812 (CVSS 8.8) and CVE-2026-22813 (CVSS 9.4) were disclosed in the open source AI coding agent OpenCode. XSS in the unauthenticated HTTP server and Markdown renderer allows shell commands to be executed. A PoC has been published, and over 220,000 instances are exposed online.
On March 19, 2026, Anthropic took legal action against OpenCode to have the OAuth integration removed. On the same day, the Python toolchain company Astral announced that it was joining OpenAI's Codex team. The AI coding tool landscape was reshaped in a single day.