CVE-2026-30302 - Vulnerability Analysis
CriticalCVSS: 10.0Last Updated: March 27, 2026
CodeRider-Kilo - OS Command Injection
Overview
CodeRider-Kilo contains an OS command injection caused by improper command parsing and escape sequence handling in the auto-approval module on Windows, letting attackers bypass whitelist and execute arbitrary commands remotely, exploit requires Windows CMD environment.
Severity & Score
Impact
Attackers can execute arbitrary commands remotely, bypassing whitelist protections and potentially taking full control of the system.
Mitigation
Update to the latest version with corrected command parsing and escape sequence handling for Windows CMD.
Social Media Activity(2 posts)
š“ CVE-2026-30302 - Critical (10) The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-b... š https://www.thehackerwire.com/vulnerability/CVE-2026-30302/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-30302 - Critical (10) The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-b... š https://www.thehackerwire.com/vulnerability/CVE-2026-30302/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30302
- Severity
- Critical
- CVSS Score
- 10.0
- Type
- command_injection
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H