Skip to main content

Microsoft EUVDEUVD-2026-17421

| CVE-2026-30309 HIGH
OS Command Injection (CWE-78)
2026-03-31 mitre GHSA-cm3j-25qj-ffhm
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 14:30 euvd
EUVD-2026-17421
Analysis Generated
Mar 31, 2026 - 14:30 vuln.today
CVE Published
Mar 31, 2026 - 00:00 nvd
HIGH 7.8

DescriptionCVE.org

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.

AnalysisAI

InfCode's terminal auto-execution module fails to properly validate PowerShell commands due to an ineffective blacklist and lack of semantic parsing, allowing attackers to bypass command filtering through syntax obfuscation. When a user imports a specially crafted file into the IDE, the Agent executes arbitrary PowerShell commands without user confirmation, leading to remote code execution or sensitive data exfiltration. No public exploit code or active exploitation has been confirmed at time of analysis.

Technical ContextAI

The vulnerability exists in InfCode's command filtering mechanism, which relies on a static blacklist to prevent execution of dangerous PowerShell commands such as 'powershell' itself. The filtering algorithm lacks semantic parsing capabilities and cannot recognize obfuscation techniques commonly used in PowerShell syntax, including string concatenation, variable assignment, and double-quote interpolation. This is fundamentally a CWE-426 or CWE-94 class issue-untrusted data flows directly to code execution without proper input validation or sandboxing. The root cause is the assumption that simple string matching can defend against command injection when the underlying command interpreter supports multiple syntax variants and obfuscation methods. The IDE's auto-execution feature compounds this by executing code implicitly during file import without explicit user confirmation, eliminating human verification as a secondary control.

RemediationAI

The primary remediation requires InfCode to replace its static blacklist with a robust input validation and command execution architecture. This should include: (1) implementing dynamic semantic parsing or abstract syntax tree (AST) analysis to recognize PowerShell syntax obfuscation techniques, not just string matching; (2) switching to an allowlist approach (permitting only necessary, low-risk commands) rather than a blocklist; (3) sandboxing command execution to restrict filesystem and network access; and (4) requiring explicit user confirmation before executing any imported code, with clear visibility into what commands will execute. Users should immediately disable auto-execution features in InfCode if the option is available, and avoid importing untrusted files. No vendor-released patch has been confirmed at time of analysis; monitor InfCode's official channels and GitHub repository for security updates. Until patched, treat all imported files as potentially malicious and review their contents in a text editor before opening them in the IDE.

Share

EUVD-2026-17421 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy