CVE-2026-30308CRITICAL 9.8EPSS p39.5%

CVE-2026-30308CVE-2026-30308

Description

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.51% probability of exploitation · percentile 39.5% · 2026-06-19T12:03:05Z
Published2026-03-30
Last modified2026-04-08

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/10
  2. https://github.com/presidio-oss/hai-build

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-30304
CVE
CVE-2026-30310
CVE
CVE-2026-30306
CVE
CVE-2026-49188
CVE
CVE-2025-37162
CVE
CVE-2025-64128
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.