Description
In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
Published: 2026-03-30
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary command execution via prompt injection
Action: Patch or Disable
AI Analysis

Impact

A malicious user can craft input that deceives the SakaDev extension’s language model into labeling a destructive command as safe. The extension then automatically runs the command without asking for user approval, allowing the attacker to execute any arbitrary command on the host machine. The flaw therefore enables full control over the local environment.

Affected Systems

Any installation of the SakaDev Visual Studio Code extension (rahmanazhar.saka-dev) on a user workstation or shared development environment is affected; no specific version information is supplied.

Risk and Exploitability

No CVSS or EPSS scores are available, and the vulnerability is not listed in the CISA KEV catalog, yet the flaw can be exploited whenever a user interacts with the extension’s prompt. Attackers who can supply a crafted prompt—such as through a compromised workspace or social engineering—can trigger automatic execution of malicious commands. The potential impact is significant, though the precise likelihood depends on how readily the attacker can inject the prompt.

Generated by OpenCVE AI on March 31, 2026 at 06:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the SakaDev extension to the latest available version, if an update addresses this flaw.
  • If no patch exists, uninstall or disable the SakaDev extension to eliminate the vulnerable execution path.
  • Configure Visual Studio Code or organizational policies to require explicit user confirmation before executing automatically generated terminal commands.
  • Monitor terminal logs for unexpected command executions and review user activity for indicators of prompt injection.

Generated by OpenCVE AI on March 31, 2026 at 06:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Real-World Prompt Injection Exploiting SakaDev Visual Studio Code Extension for Arbitrary Command Execution
Weaknesses CWE-94

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-30T20:04:26.731Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30306

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-30T21:17:08.983

Modified: 2026-03-30T21:17:08.983

Link: CVE-2026-30306

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:00:22Z

Weaknesses