Description
In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
Published: 2026-03-30
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Command Execution
Action: Immediate Patch
AI Analysis

Impact

SakaDev is a Visual Studio Code extension that automatically runs terminal commands suggested by a language model. The extension classifies commands as safe or potentially destructive, executing safe ones without user confirmation. The design permits prompt injection, allowing an attacker to embed malicious code within a seemingly harmless prompt that misleads the model into labeling the command safe, thereby bypassing the safety check and executing arbitrary shell commands.

Affected Systems

The vulnerability affects the SakaDev extension for Visual Studio Code developed by Rahman Azhar. No specific product versions are listed as fixed, and the published data do not identify which releases are vulnerable, so the impact scope encompasses all installed copies of the extension until a patch becomes available.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS score of less than 1% suggests that no widespread exploitation has been observed to date, but the high severity means an attacker who can influence the model’s prompt could trigger execution of arbitrary commands. The vulnerability is not listed in the CISA KEV catalog. Attack likely occurs from within the extension’s user interface where the model processes prompts, making it essential to mitigate the issue.

Generated by OpenCVE AI on April 8, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the SakaDev extension to the latest patched version as soon as it becomes available.
  • Disable automatic command execution or enforce user confirmation for all commands in the extension’s settings.
  • Monitor the extension’s activity for unexpected command executions.
  • Limit the extension’s permissions to run only the commands that are strictly necessary.
  • Keep Visual Studio Code and its extensions regularly updated.

Generated by OpenCVE AI on April 8, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Prompt Injection Causing Arbitrary Command Execution in SakaDev Visual Studio Code Extension

Wed, 08 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Rahmanazhar
Rahmanazhar sakadev
CPEs cpe:2.3:a:rahmanazhar:sakadev:*:*:*:*:*:visual_studio_code:*:*
Vendors & Products Rahmanazhar
Rahmanazhar sakadev

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Sakadev
Sakadev saka-dev
Vendors & Products Sakadev
Sakadev saka-dev

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Real-World Prompt Injection Exploiting SakaDev Visual Studio Code Extension for Arbitrary Command Execution

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Real-World Prompt Injection Exploiting SakaDev Visual Studio Code Extension for Arbitrary Command Execution
Weaknesses CWE-94

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
References

Subscriptions

Rahmanazhar Sakadev
Sakadev Saka-dev
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T17:57:44.311Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30306

cve-icon Vulnrichment

Updated: 2026-04-01T17:57:26.971Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T21:17:08.983

Modified: 2026-04-08T15:49:50.410

Link: CVE-2026-30306

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T20:00:49Z

Weaknesses