Home / Vulnerability Intelligence / CVE-2026-30304

CVE-2026-30304 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: March 30, 2026

AI Code - Command Injection

Published: March 27, 2026Updated: March 30, 2026Remote Exploitable

Overview

AI Code contains a command injection vulnerability caused by prompt injection allowing attackers to bypass user approval and execute arbitrary terminal commands automatically.

Severity & Score

Severity: Critical

CVSS Score: 9.6

EPSS Score: 6.1%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary terminal commands automatically, potentially compromising the entire system.

Mitigation

Update to the latest version with improved command classification and user approval mechanisms.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 27, 2026

🔴 CVE-2026-30304 - Critical (9.6) In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically execut... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30304/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30304
Severity: Critical
CVSS Score: 9.6
Type: command_injection
Status: unconfirmed
EPSS: 6.1%
Social Posts: 1

CWE

CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

6.1%Probability of exploitation in the next 30 days