THREAT SENTINEL
Back to Dashboard
VulnerabilitiesCritical

CVE-2026-30304: In its design for automatic terminal command execution, AI C...

Saturday, March 28, 2026
Global
NVD

Summary

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be poten

Threat Analysis

**Vulnerability ID:** CVE-2026-30304

**CVSS Score:** 9.6 (Critical)

**Description:** In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.

**Recommended Mitigations:** - Apply vendor security patches immediately - Review and update security configurations - Monitor systems for signs of compromise - Implement network segmentation where applicable

Last updated: Mar 28, 2026, 09:18 AM

Daily Intelligence

Stay Ahead of Threats

Subscribe to receive daily threat briefings delivered to your inbox. Be the first to know about emerging security risks.

No spamUnsubscribe anytimeDaily at 9 AM