CVE-2026-40515 — OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attack — CVE Database · The Intelligence Room