Skip to main content

CVE-2026-30314

| EUVDEUVD-2026-17427 CRITICAL
OS Command Injection (CWE-78)
2026-03-31 mitre
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 15:01 euvd
EUVD-2026-17427
Analysis Generated
Mar 31, 2026 - 15:01 vuln.today
CVE Published
Mar 31, 2026 - 00:00 nvd
CRITICAL 9.8

DescriptionCVE.org

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Ridvay Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.

AnalysisAI

Remote code execution in Ridvay Code's command auto-approval module allows unauthenticated attackers to bypass whitelist security controls via shell command substitution syntax (e.g., $(...) or backticks) embedded in command arguments. The vulnerability stems from insufficient regular expression validation that fails to detect command injection payloads, permitting an attacker to execute arbitrary OS commands with automatic approval. No user interaction is required; a crafted command such as git log --grep="$(malicious_command)" will be misidentified as safe and executed by the underlying shell, resulting in remote code execution.

Technical ContextAI

Ridvay Code implements a command auto-approval mechanism that uses regular expressions to whitelist safe operations. The vulnerability exploits a fundamental weakness in shell command parsing: the system validates the command structure but does not account for shell metacharacters and substitution mechanisms-specifically $(...) (command substitution) and backticks (...)-which are evaluated by the shell at runtime after the command passes the whitelist check. This is a classic case of CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The affected component parses incoming commands to determine if they are safe (e.g., git operations) but the regex-based validation occurs at a syntactic level without consideration of shell expansion semantics. When a shell processes the approved command, it evaluates the embedded substitution syntax before executing the outer command, allowing injected payloads to run with the privileges of the Ridvay Code process.

RemediationAI

Immediate remediation requires vendor patching; no vendor-released patch version has been identified in available data. Organizations running Ridvay Code should contact the vendor (https://ridvay.com/) to obtain a patched version that properly sanitizes or escapes shell metacharacters before command approval. Interim workarounds pending patch deployment include: implementing input validation at the network level to reject commands containing shell substitution syntax ($(...), backticks), running Ridvay Code with restricted privileges (non-root user) to limit RCE impact, and disabling the auto-approval feature entirely in favor of explicit manual approval for critical commands. Contact the vendor or monitor their security advisories at https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/8 for patch release timelines.

Share

CVE-2026-30314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy