CVE-2026-30304CRITICAL 9.6EPSS p34.7%

CVE-2026-30304CVE-2026-30304

Description

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.

Scoring

CVSS 3.19.6 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS0.43% probability of exploitation · percentile 34.7% · 2026-06-19T12:03:05Z
Published2026-03-27
Last modified2026-04-03

Underlying weaknesses· 1

CWE-20

References

  1. https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/2
  2. https://marketplace.visualstudio.com/items?itemName=tianguaduizhang.claude-dev-china

1

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-30308
CVE
CVE-2026-30310
CVE
CVE-2026-30306
CVE
CVE-2025-55319
CVE
CVE-2025-58370
CVE
CVE-2025-57771
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.