Description
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). Attackers can exploit this discrepancy between the parsing logic and the execution environment by constructing payloads such as git log ^" & malicious_command ^". The Axon Code parser is deceived by the escape characters, misinterpreting the malicious command connector (&) as being within a protected string argument and thus auto-approving the command. However, the underlying Windows CMD interpreter ignores the escaped quotes, parsing and executing the subsequent malicious command directly. This allows attackers to achieve arbitrary Remote Code Execution (RCE) after bypassing what appears to be a legitimate Git whitelist check.
Published: 2026-03-27
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an OS Command Injection in the command auto‑approval module of Axon Code. By exploiting a mismatch between the Unix‑based shell‑quote parser and the Windows command interpreter, attackers can craft inputs that bypass the whitelist check and trigger arbitrary commands. This gives attackers full control over the system, compromising confidentiality, integrity, and availability. The weakness is directly mapped to OS Command Injection (CWE‑78).

Affected Systems

The issue exists in the Axon Code auto‑approval module running on Windows. No specific vendor or product version list is provided; all deployments of this module prior to any available patch are potentially vulnerable.

Risk and Exploitability

The attack vector is inferred to run through the auto‑approval mechanism, likely requiring the attacker to submit a command to it or otherwise influence the input it evaluates. No EPSS score or CVSS score is supplied, but the nature of the exploitation—arbitrary command execution—suggests high severity. The vulnerability is not listed in the KEV catalog, yet it can be exploited by anyone who can influence the auto‑approval input. The ability to bypass a whitelist signifies a severe breach of intended security controls.

Generated by OpenCVE AI on March 27, 2026 at 15:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the vendor‑issued patch for the Axon Code auto‑approval module if available.
  • If a patch is not yet released, disable the auto‑approval feature or restrict it to trusted users only.
  • Implement Windows‑compatible command parsing that correctly handles CMD escape sequences; avoid using Unix‑based parsers on Windows.
  • Validate all command inputs against an explicit whitelist before execution.
  • Monitor system logs for signs of unauthorized command execution and respond promptly.

Generated by OpenCVE AI on March 27, 2026 at 15:59 UTC.
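Added example (not Axon Code's or shell-quote's own code) illustrating the parsing mismatch the Description and the third recommended action refer to: a simplified Unix-style quote tokenizer is fooled by caret-escaped quotes, a CMD-aware scan is not, and a conservative Windows policy rejects any CMD metacharacter before the whitelist is even consulted. The whitelist prefixes, function names and sample commands are assumptions constructed for this example.

```javascript
// Added example, not Axon Code's own code. A simplified model of a
// Unix-style quote-aware split (the real shell-quote library is not used)
// is contrasted with a Windows CMD-aware scan that honours the caret (^)
// escape, then a conservative auto-approval policy that rejects any CMD
// metacharacter outright. Sample commands are constructed from the payload
// shape given in the advisory.

const SEPARATORS = new Set(['&', '|']);

// Unix-style model: a double quote toggles "inside string"; the caret has no
// meaning, so ^" is read as a caret followed by an opening quote.
function unixModelSeparatorOutsideQuotes(cmd) {
  let inQuote = false;
  for (const ch of cmd) {
    if (ch === '"') inQuote = !inQuote;
    else if (!inQuote && SEPARATORS.has(ch)) return true;
  }
  return false;
}

// CMD-aware scan: outside quotes a caret escapes the next character, so ^"
// never opens a string and a following & or | still chains a command.
function cmdSeparatorOutsideQuotes(cmd) {
  let inQuote = false;
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    if (ch === '^' && !inQuote) { i += 1; continue; } // skip escaped char
    if (ch === '"') inQuote = !inQuote;
    else if (!inQuote && SEPARATORS.has(ch)) return true;
  }
  return false;
}

// Hardened policy for Windows hosts: approve only a whitelisted prefix AND a
// command free of CMD metacharacters; a caret anywhere is itself a reject,
// so the approver never has to guess what CMD will do with it.
const WHITELIST = ['git log', 'git status', 'git diff']; // assumed prefixes
const CMD_META = /[&|<>^%!]/;
function autoApproveOnWindows(cmd) {
  const listed = WHITELIST.some(p => cmd === p || cmd.startsWith(p + ' '));
  return listed && !CMD_META.test(cmd);
}

const benign = 'git log --oneline -n 5';                 // constructed
const crafted = 'git log ^" & malicious_command ^"';    // shape from advisory
console.log(unixModelSeparatorOutsideQuotes(crafted));  // false: & looks quoted
console.log(cmdSeparatorOutsideQuotes(crafted));        // true: CMD sees & unquoted
console.log(autoApproveOnWindows(benign), autoApproveOnWindows(crafted)); // true false
```

The unix-style model reports no separator for the crafted command, which is exactly the condition under which an approver would wave it through; the CMD-aware scan and the metacharacter policy both reject it.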

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:30:00 +0000

Values added:
  • Title: Axon Code Auto‑Approval Module Vulnerability Allows Remote Command Execution on Windows

Fri, 27 Mar 2026 20:15:00 +0000

Values added:
  • Weaknesses: CWE-78
  • Metrics (cvssV3_1): score 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Metrics (ssvc, version 2.0.3): Automatable yes, Exploitation poc, Technical Impact total

Fri, 27 Mar 2026 14:30:00 +0000

Values added:
  • Description: identical to the Description at the top of this page
  • References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-27T19:17:04.406Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30303

Vulnrichment

Updated: 2026-03-27T19:15:06.969Z

NVD

Status : Received

Published: 2026-03-27T15:16:52.513

Modified: 2026-03-27T20:16:28.163

Link: CVE-2026-30303

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:29:04Z

Weaknesses