CVE-2026-30314
OS Command Injection in Ridvay Code Auto-Approval Module Enables RCE
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ridvay | auto-approval_module | up to 0.1.1 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30314 is a critical OS command injection vulnerability in Ridvay Code's command auto-approval module. This module is supposed to whitelist safe commands using regular expressions, but it fails to properly handle shell command substitution syntax such as $() and backticks. An attacker can craft commands like git log --grep="$(malicious_command)" that the system mistakenly approves as safe. However, the underlying shell executes the injected malicious command, leading to remote code execution without any user interaction.
- The vulnerability affects the Tool Call Parser, Command Validation Logic, and Auto-Execution Module.
- It is classified under CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
How can this vulnerability impact me?
This vulnerability allows an attacker to execute arbitrary commands remotely on the affected system without any user interaction. Because the command auto-approval module incorrectly approves malicious commands, attackers can inject and run harmful code, potentially leading to full system compromise, data theft, or disruption of services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious command patterns that include shell command substitution syntax such as `$()` or backticks (`` ` ``) within commands that are supposed to be auto-approved by the Ridvay Code command auto-approval module.
Specifically, commands that resemble safe operations but contain injected commands inside arguments, for example: `git log --grep="$(malicious_command)"`.
To detect exploitation attempts, you can search logs or running processes for commands containing these patterns.
- Use grep or similar tools to find suspicious commands in logs: ``grep -E '\$\(|`' /path/to/command/logs``
- Monitor running processes for suspicious command substitution (the trailing `grep -v grep` drops the grep process itself, whose own pattern would otherwise match): ``ps aux | grep -E '\$\(|`' | grep -v grep``
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the use of the Ridvay Code command auto-approval module until a patch or fix is available.
Avoid relying on the fragile regular expression-based whitelist mechanism that fails to properly neutralize shell command substitution.
Implement additional input validation or sanitization to block commands containing `$()` or backticks before they reach the auto-approval module.
Monitor system logs and running processes for suspicious command patterns as a temporary detection measure.
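The following is an added example, not Ridvay Code's own code, written to illustrate the weakness described above (a prefix-only regex allowlist that passes `git log --grep="$(...)"`) together with the mitigation and detection steps (reject substitution syntax before approval, never hand the string to a shell, and scan logs for the same patterns). The allowlist regexes, the `hardened_approve`/`safe_argv` functions and the log lines are all constructed for this example; the real module's patterns are not on this page. The blocked set goes slightly beyond the `$()` and backtick cases the advisory names by also rejecting `${...}`, process substitution and command separators.

```python
import re
import shlex

# Constructed approximation of a prefix-only regex allowlist (assumption:
# this is the style of check the advisory describes, not the real code).
# It looks only at the command verb, so any argument is accepted.
NAIVE_ALLOWLIST = [
    re.compile(r"^git\s+(log|status|diff)\b"),
    re.compile(r"^ls\b"),
]

# Constructs that let an "argument" run a second command when a shell
# parses the line. $() and backticks are the ones named in the CVE; the
# others are a defensive superset added here (assumption).
SUBSTITUTION_RE = re.compile(r"\$\(|`|\$\{|<\(|>\(")
SEPARATOR_RE = re.compile(r"[;&|\n]")


def naive_approve(cmd: str) -> bool:
    """Vulnerable-style check: approves on the verb alone."""
    return any(p.search(cmd) for p in NAIVE_ALLOWLIST)


def hardened_approve(cmd: str) -> bool:
    """Refuse anything a shell could expand into a second command,
    then apply the allowlist to what is left."""
    if SUBSTITUTION_RE.search(cmd) or SEPARATOR_RE.search(cmd):
        return False
    return naive_approve(cmd)


def safe_argv(cmd: str):
    """Return an argv list for an approved command, or None.

    The list is meant for subprocess.run(argv) with shell=False, so even a
    stray '$(' inside a token would reach the child program as a literal
    string rather than being expanded by /bin/sh.
    """
    if not hardened_approve(cmd):
        return None
    try:
        return shlex.split(cmd)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return None


# Constructed auto-approval log lines (not real Ridvay Code output).
SAMPLE_LOG = [
    '2026-03-31T10:00:01Z auto-approve ok cmd="git status"',
    '2026-03-31T10:00:05Z auto-approve ok cmd="git log --grep=\\"$(some_command)\\""',
    '2026-03-31T10:00:09Z auto-approve ok cmd="ls -la"',
    '2026-03-31T10:00:12Z auto-approve ok cmd="git diff `some_command`"',
]


def find_substitution_in_log(lines):
    """Detection pass: (line number, line) for every entry carrying
    command-substitution syntax, the same idea as the grep in the Q&A."""
    return [(n, line) for n, line in enumerate(lines, 1)
            if SUBSTITUTION_RE.search(line)]


if __name__ == "__main__":
    injected = 'git log --grep="$(some_command)"'
    print("naive   :", naive_approve(injected))      # True  (the bug)
    print("hardened:", hardened_approve(injected))   # False
    print("argv    :", safe_argv('git log --grep="fix bug"'))
    for n, line in find_substitution_in_log(SAMPLE_LOG):
        print(f"flagged line {n}: {line}")
```

The two approval functions differ only in the pre-check, which is the point: a prefix regex cannot be repaired by tightening the prefix, because the dangerous text lives in the arguments. Rejecting substitution syntax closes the case on this page, and passing an argv list with `shell=False` removes the shell that would have expanded it in the first place.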