Description
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Roo Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.
Published: 2026-03-30
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an operating‑system command injection flaw located in Roo Code’s command auto‑approval module. It arises from weak regular‑expression checks that fail to block shell command substitutions such as $(...) and backticks. An attacker can embed these constructs in otherwise legitimate commands—for example, git log --grep="$(malicious_command)"—and the module will incorrectly classify the input as safe. The resulting automatic approval triggers execution of the injected code, giving the attacker full remote code execution with the privileges of the running process.

Affected Systems

All deployments of the Roo Code command auto‑approval module are impacted. No specific product versions are listed, indicating that the flaw exists across the current release until a vendor patch is released.

Risk and Exploitability

The CVSS score of 9.8 signals extremely high severity, and the EPSS score of less than 1% indicates that the vulnerability is not yet widely exploited but could be abused quietly. It is not catalogued in CISA’s KEV list. Although the direct attack vector is not described, the nature of the flaw suggests that exploitation can occur via any interface that accepts user‑supplied shell commands, whether through the web UI or an API. Once a crafted command is submitted, no further user interaction is required for the malicious code to run.

Generated by OpenCVE AI on April 6, 2026 at 20:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or update me Roo Code when one becomes available immediately.
  • Until a patch is released, disable or remove the auto‑approval feature to force manual review of all commands.
  • Replace the weak regular‑expression whitelist with strict, enumerated command validation logic.
  • Monitor system logs for unexpected command execution or anomalies and investigate promptly.
  • Notify all stakeholders of the risk and document any incidents.

Generated by OpenCVE AI on April 6, 2026 at 20:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Command Injection Exploitation in Roo Code Command Auto‑Approval Module

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Roocode roo Code
CPEs cpe:2.3:a:roocode:roo_code:*:*:*:*:*:*:*:*
Vendors & Products Roocode roo Code

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Command Injection Exploitation in Roo Code Command Auto‑Approval Module
First Time appeared Roocode
Roocode command Auto Approval Module
Vendors & Products Roocode
Roocode command Auto Approval Module

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title OS Command Injection in Roo Code Command Auto-Approval Module
Weaknesses CWE-78

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Title OS Command Injection in Roo Code Command Auto-Approval Module
Weaknesses CWE-78

Mon, 30 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Roo Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.
References

Subscriptions

Roocode Command Auto Approval Module Roo Code
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T17:52:54.351Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30307

cve-icon Vulnrichment

Updated: 2026-04-01T17:51:39.911Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T20:16:21.220

Modified: 2026-04-06T15:57:26.460

Link: CVE-2026-30307

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:40Z

Weaknesses