Description

In its design for automatic terminal command execution, AI Code offers two options: execute safe commands and execute all commands. The description for the former states that commands the model determines to be safe are executed automatically, whereas a command the model judges to be potentially destructive still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
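
One way to keep a model's "safe" verdict from waiving approval, as an added example that is not AI Code's code or a vendor fix: the verdict can only add a prompt, and auto-execution is decided by a deterministic check. The allowlist contents and the function name `auto_run_argv` are hypothetical.

```python
import shlex
from typing import List, Optional

# Hypothetical allowlist of programs that may run without a prompt.
# Assumption: the caller resolves these names against a trusted PATH.
AUTO_RUN = {"ls", "pwd", "whoami", "echo"}

# Characters that let one string carry a second command, a substitution,
# a redirect or an escape. Any of them forces a prompt, even inside quotes.
SHELL_META = set(";|&$`<>(){}\\\n\r")


def auto_run_argv(command: str, model_says_safe: bool) -> Optional[List[str]]:
    """Return an argv list to run without a prompt, or None if the user must approve.

    The model's verdict is advisory: "unsafe" forces a prompt, but "safe" never
    removes one. Text that talks the model into answering "safe" therefore gains
    nothing, because the decision below does not depend on model output.
    """
    if not model_says_safe:
        return None
    if any(ch in SHELL_META for ch in command):
        return None
    try:
        argv = shlex.split(command)
    except ValueError:
        # Unbalanced quotes: the string cannot be parsed unambiguously.
        return None
    if not argv or argv[0] not in AUTO_RUN:
        return None
    # The caller must execute this list directly (no shell), so the string
    # that was checked is exactly what runs.
    return argv


if __name__ == "__main__":
    # Constructed sample inputs: (command, verdict claimed by the model).
    samples = [
        ("ls -la src", True),
        ("ls; rm -rf build", True),  # model was misled into saying "safe"
        ("rm -rf build", True),      # same, without chaining
        ("ls -la src", False),
    ]
    for cmd, verdict in samples:
        result = auto_run_argv(cmd, verdict)
        print(f"{cmd!r:22} model_safe={verdict!s:5} ->",
              "auto-run" if result else "ask user")
```

The check only holds if the returned list is executed without a shell; passing the original string to a shell would reintroduce the parsing gap it closes.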

INFO

Published Date: 2026-03-27T00:00:00.000Z

Last Modified: 2026-03-27T19:48:56.483Z

Source: mitre

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-30304 vulnerability.

Vendor: Tianguaduizhang
Product: Ai Code