Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.
AnalysisAI
InfCode's terminal auto-execution module fails to properly validate PowerShell commands due to an ineffective blacklist and lack of semantic parsing, allowing attackers to bypass command filtering through syntax obfuscation. When a user imports a specially crafted file into the IDE, the Agent executes arbitrary PowerShell commands without user confirmation, leading to remote code execution or sensitive data exfiltration. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in InfCode's command filtering mechanism, which relies on a static blacklist to prevent execution of dangerous PowerShell commands such as 'powershell' itself. The filtering algorithm lacks semantic parsing capabilities and cannot recognize obfuscation techniques commonly used in PowerShell syntax, including string concatenation, variable assignment, and double-quote interpolation. This is fundamentally a CWE-426 or CWE-94 class issue-untrusted data flows directly to code execution without proper input validation or sandboxing. The root cause is the assumption that simple string matching can defend against command injection when the underlying command interpreter supports multiple syntax variants and obfuscation methods. The IDE's auto-execution feature compounds this by executing code implicitly during file import without explicit user confirmation, eliminating human verification as a secondary control.
RemediationAI
The primary remediation requires InfCode to replace its static blacklist with a robust input validation and command execution architecture. This should include: (1) implementing dynamic semantic parsing or abstract syntax tree (AST) analysis to recognize PowerShell syntax obfuscation techniques, not just string matching; (2) switching to an allowlist approach (permitting only necessary, low-risk commands) rather than a blocklist; (3) sandboxing command execution to restrict filesystem and network access; and (4) requiring explicit user confirmation before executing any imported code, with clear visibility into what commands will execute. Users should immediately disable auto-execution features in InfCode if the option is available, and avoid importing untrusted files. No vendor-released patch has been confirmed at time of analysis; monitor InfCode's official channels and GitHub repository for security updates. Until patched, treat all imported files as potentially malicious and review their contents in a text editor before opening them in the IDE.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17421
GHSA-cm3j-25qj-ffhm