CVE-2026-30309 - Vulnerability Details

Description

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.

Published: 2026-03-31

Score: 7.8 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

InfCode's terminal auto‑execution module contains a command filtering flaw that renders its blacklist ineffective, allowing malicious PowerShell commands to run without user confirmation. This results in arbitrary code execution, potentially compromising system integrity and leaking sensitive data. The weakness is a form of command injection (CWE‑78).

Affected Systems

The vulnerability affects InfCode’s terminal auto‑execution component that is part of the IDE. No specific product names or version numbers are listed; any installation of InfCode that includes this feature is potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity level. An attacker can embed obfuscated PowerShell commands into a file and, when a user imports that file into the IDE, trigger execution of those commands. The exploit requires only the delivery of a malicious file and no additional conditions, suggesting a straightforward attack path. The EPSS score is not available, and the issue is not listed in the KEV catalog, but the simplicity of the attack makes exploitation likely.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest InfCode update that fixes the auto‑execution filtering logic
Disable terminal auto‑execution or restrict loading of untrusted files in the IDE
Avoid importing files from untrusted or unknown sources until a patch is applied
Enforce a PowerShell execution policy that blocks scripts from untrusted directories

Generated by OpenCVE AI on March 31, 2026 at 17:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/11
https://www.tokfinity.com/infcode

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		InfCode Terminal Auto‑Execution Vulnerability Allowing Arbitrary PowerShell Command Execution

Tue, 31 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-78
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 14:30:00 +0000

Type	Values Removed	Values Added
Description		InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.
References		https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/11 https://www.tokfinity.com/infcode

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-31T00:00:00.000Z

Updated: 2026-03-31T15:15:28.893Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30309

Vulnrichment

Updated: 2026-03-31T15:11:13.504Z

NVD

Status : Received

Published: 2026-03-31T15:16:12.863

Modified: 2026-03-31T16:16:30.093

Link: CVE-2026-30309

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T19:56:59Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object