CVE-2026-40502 — OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient — CVE Database · The Intelligence Room