CVE-2026-30304 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: March 27, 2026
AI Code - Command Injection
Published: March 27, 2026Updated: March 27, 2026Remote Exploitable
Overview
AI Code contains a command injection vulnerability caused by prompt injection allowing attackers to bypass user approval and execute arbitrary terminal commands automatically.
Severity & Score
Severity: Critical
CVSS Score: 9.6
Impact
Attackers can execute arbitrary terminal commands automatically, potentially compromising the entire system.
Mitigation
Update to the latest version with improved command classification and user approval mechanisms.
References
Related Resources
Details
- CVE ID
- CVE-2026-30304
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- command_injection
- Status
- new
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H