CVE-2026-30304

CRITICAL

9.6

Beschreibung

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.

CVE Details

CVSS v3.1 Bewertung9.6

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht3/27/2026

Zuletzt geandert4/3/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

tianguaduizhang:ai_code

Schwachen (CWE)

CWE-20

Referenzen

https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/2(cve@mitre.org)

https://marketplace.visualstudio.com/items?itemName=tianguaduizhang.claude-dev-china(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.