Skip to main content

CVE-2026-30312

| EUVDEUVD-2026-17425 CRITICAL
OS Command Injection (CWE-78)
2026-03-31 mitre GHSA-w4rv-fppc-w84h
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 14:30 euvd
EUVD-2026-17425
Analysis Generated
Mar 31, 2026 - 14:30 vuln.today
CVE Published
Mar 31, 2026 - 00:00 nvd
CRITICAL 9.8

DescriptionCVE.org

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.

AnalysisAI

Remote code execution in DSAI-Cline's command auto-approval module allows unauthenticated attackers to bypass whitelist validation by embedding literal newline characters within command payloads, forcing the system to execute arbitrary OS commands without user interaction. The vulnerability exploits ineffective string-based parsing that fails to sanitize newline separators, enabling attackers to chain whitelisted commands (e.g., git log) with malicious code that PowerShell interprets as sequential commands. No CVSS score, EPSS data, or KEV confirmation available; exploitation status and real-world impact remain unconfirmed.

Technical ContextAI

DSAI-Cline implements a command auto-approval mechanism intended to safely execute whitelisted OS commands through PowerShell. The system performs string-based validation to block dangerous shell operators (semicolons, logical operators, pipes, and command substitution syntax), but this filtering is incomplete. The root cause is insufficient input sanitization that does not account for literal newline characters (\n or \r\n) as command separators. When PowerShell parses the injected payload, it treats newlines as command delimiters rather than data characters, causing the interpreter to execute both the whitelisted portion and the injected malicious command sequentially. This is a classic case of inadequate allowlist implementation (CWE category: Improper Input Validation combined with OS Command Injection) where the security boundary between safe and unsafe input is bypassed through an unanticipated encoding or formatting mechanism.

RemediationAI

Patch availability and exact fix versions are not confirmed from available data. Immediate remediation requires contacting the DSAI-Cline vendor or project maintainers for a patched release that properly sanitizes newline characters and other whitespace in command input validation. Affected organizations should implement input validation that treats any command-terminating character (including newlines, carriage returns, and other whitespace) as invalid within whitelisted command parameters, or adopt a more robust allowlist mechanism such as fixed argument parsing rather than string pattern matching. Until a patch is available, disable the command auto-approval feature entirely and require explicit user confirmation for all OS command execution. Organizations should monitor the GitHub repositories listed above and the CVE databases for vendor security advisories.

Share

CVE-2026-30312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy