Description
In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
Published: 2026-03-31
Score: n/a
EPSS: n/a
KEV: No
Impact: Arbitrary Command Execution
Action: Immediate Mitigation
AI Analysis

Impact

A flaw in the Sixth tool’s automatic terminal command execution logic allows an attacker to inject a malicious command by disguising it as a safe command, causing the model to misclassify it and execute the command without user approval. The vulnerability stems from improper input validation of the model‑derived command classification, enabling the attacker to gain full control over the host system by running arbitrary commands.

Affected Systems

The affected product is Sixth, an application that uses a language model to decide which terminal commands to run automatically. No specific vendor or product versions are listed, but any installation that relies on the automatic safe‑command feature is at risk.

Risk and Exploitability

The CVSS score is not provided, and the EPSS value is unavailable, however the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the most likely attack vector is a prompt injection performed by the attacker to manipulate the model’s safety assessment. Once the malicious command is classified as safe, the tool executes it automatically, which can lead to a complete compromise of the system if the attacker runs privileged commands. Because no patch is currently documented, the risk remains significant until a vendor update is released.

Generated by OpenCVE AI on March 31, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or remove the automatic execution of safe commands in Sixth.
  • Configure all command executions to require explicit user approval regardless of classification.
  • Apply any available vendor updates or patches as soon as they are released.
  • Monitor execution logs for unexpected or suspicious commands.
  • Limit access to the model prompt interface to trusted users only.

Generated by OpenCVE AI on March 31, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Automatic Command Execution in Sixth Vulnerable to Prompt Injection
Weaknesses CWE-20

Tue, 31 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T13:32:25.751Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30310

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T14:16:11.390

Modified: 2026-03-31T14:16:11.390

Link: CVE-2026-30310

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:57:00Z

Weaknesses