THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-wmj8-9953-vff5 (high) — OpenCost ServiceKey Endpoint Unauthorized Credential Overwrite/Injection

[GHSA] GHSA-wmj8-9953-vff5 (high) — OpenCost ServiceKey Endpoint Unauthorized Credential Overwrite/Injection

highgithub_advisoriesPublished 2026-07-14

GHSA-wmj8-9953-vff5 Severity: high CVE: CVE-2026-44300

OpenCost ServiceKey Endpoint Unauthorized Credential Overwrite/Injection

## Summary

OpenCost contains an unauthenticated file write vulnerability in the `/serviceKey` endpoint that allows remote attackers to overwrite the GCP service account key file without authentication. This can lead to service disruption, credential theft, and potenti

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-wmj8-9953-vff5