CVE-2026-30352
Received Received - Intake
Remote Code Execution in leonvanzyl autocoder /devserver/start Endpoint

Publication date: 2026-04-27

Last updated on: 2026-04-27

Assigner: MITRE

Description
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-30352
EUVD
EUVD-2026-25863
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
leonvanzyl autocoder *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this remote code execution vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-30352 is a remote code execution (RCE) vulnerability in the leonvanzyl Autocoder project, specifically in commit 79d02a. It affects the `/devserver/start` endpoint and the `/api/projects/{project}/devserver/config` PATCH endpoint.

An attacker with network access to the devserver API can exploit this vulnerability by providing a specially crafted `command` parameter. This allows the attacker to start a development server with an attacker-controlled command or persist a malicious custom command, resulting in arbitrary operating system command execution on the server.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary code on the affected server remotely without any privileges or user interaction.

  • Complete compromise of the server hosting the Autocoder devserver.
  • Potential unauthorized access to sensitive data or systems connected to the server.
  • Disruption of services due to malicious commands executed by the attacker.
  • Possibility of persistent backdoors or malware installation on the server.
Detection Guidance

This vulnerability can be detected by monitoring and testing the /devserver/start and /api/projects/{project}/devserver/config PATCH endpoints for unexpected or crafted command parameters that could lead to arbitrary code execution.

One way to detect exploitation attempts is to send controlled requests to these endpoints with benign command parameters and observe the server's response or behavior.

Network detection can include monitoring for unusual HTTP requests targeting the /devserver/start endpoint with suspicious command parameters.

Example commands to test or detect the vulnerability might include using curl to send crafted requests:

  • curl -X POST http://<target>/devserver/start -d 'command=whoami'
  • curl -X PATCH http://<target>/api/projects/<project>/devserver/config -H 'Content-Type: application/json' -d '{"command":"whoami"}'

If the server executes the command and returns output, it indicates the presence of the vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the vulnerable endpoints to trusted users only, such as by implementing firewall rules or network segmentation.

Disabling or restricting the /devserver/start and /api/projects/{project}/devserver/config PATCH endpoints if they are not required can reduce exposure.

Applying any available patches or updates from the leonvanzyl Autocoder project that address this vulnerability is critical.

Monitoring logs for suspicious activity targeting these endpoints can help detect exploitation attempts early.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30352. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart