Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.
AnalysisAI
Remote code execution in Syntx's command auto-approval module allows unauthenticated attackers to bypass whitelist security via shell command substitution syntax in command arguments. The vulnerability exploits inadequate regular expression parsing that fails to detect $(…) and backtick command substitution patterns, enabling an attacker to inject malicious commands within seemingly benign git operations (e.g., git log --grep="$(malicious_command)") that are automatically approved and executed with full system privileges. No CVSS score or KEV status data available; no public exploit code confirmed at time of analysis.
Technical ContextAI
Syntx implements a command auto-approval security module that uses regular expressions to whitelist safe command operations before execution. The vulnerability stems from incomplete shell metacharacter detection in the parsing logic. The system fails to recognize and block command substitution syntax-both the modern $(...) syntax and legacy backtick (…) syntax-which are evaluated by the shell before the whitelisted command itself executes. This is a classic OS command injection (CWE-78) flaw where user-controlled input is passed to a shell without proper sanitization. The root cause is the reliance on pattern matching rather than proper command tokenization or shell escaping; an attacker can nest malicious commands within quoted arguments that pass regex validation but are later expanded by the shell interpreter.
RemediationAI
Immediate remediation requires replacing the fragile regular expression-based command whitelist parser with a proper shell-safe command tokenization and validation mechanism. Vendors should implement one of the following: (1) use a shell-agnostic command parsing library that safely tokenizes arguments without relying on shell interpretation; (2) properly escape all user-supplied arguments using shell-safe escaping functions (e.g., shlex.quote in Python) before passing to the shell; or (3) disable automatic command approval for any command containing special shell characters ($(, `, |, &, ;, etc.) and require explicit user review. Syntx should release a patched version addressing these parsing gaps. Organizations currently using Syntx's auto-approval feature should disable automatic approval pending a patch, or implement additional input validation to reject commands containing shell metacharacters. Consult https://syntx.dev/ and the referenced GitHub issue for vendor advisory and patch availability.
Same weakness CWE-94 – Code Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17186
GHSA-p2qg-jv6h-hrr8