Description
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard shell command substitution (specifically $(...) and backticks `...`). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying shell evaluates the command substitution embedded in the argument before git itself ever runs, resulting in Remote Code Execution without any user interaction.
Published: 2026-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Ridvay Code's auto‑approval module contains an OS command injection flaw that defeats its whitelist security checks. By embedding a shell command substitution ($(...) or backticks) inside the arguments of an otherwise allowed command, an attacker can get the module to approve a harmless-looking command while the shell runs the embedded payload. This flaw enables an attacker to execute arbitrary commands on the host system without any user interaction, compromising confidentiality, integrity, and availability of the affected system.
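The failure mode described in the Description and in the Impact analysis above, as an added example that is not code from Ridvay Code or from this advisory: a regex-prefix approver of the kind the description sketches, which lets the $(...) and backtick payloads through, beside a hardened approver that refuses anything the shell would expand and returns an argv list meant to be executed without a shell. The sample commands, the allowlist of git subcommands, and the function names are assumptions made for the example.

```python
import re
import shlex

# Constructed sample commands (not taken from the advisory): a benign
# read-only git command and the two substitution shapes the CVE names.
BENIGN = 'git log --grep="fix: null check"'
PAYLOAD_DOLLAR = 'git log --grep="$(malicious_command)"'
PAYLOAD_BACKTICK = 'git log --grep="`malicious_command`"'

# --- Vulnerable pattern (illustrative reconstruction, not Ridvay's code) ---
# A prefix regex decides "this is a read-only git command" and a short
# blacklist tries to catch command chaining. Neither looks inside the
# arguments for $(...) or backticks, so substitution text is "safe".
SAFE_PREFIX = re.compile(r"^\s*git\s+(log|status|diff|show)\b")
DANGEROUS = re.compile(r"(\brm\b|;|\|\||&&|>)")


def naive_auto_approve(cmd: str) -> bool:
    """Approve if the command matches the git prefix and contains no
    blacklisted chaining token. Vulnerable: substitution is never checked."""
    return bool(SAFE_PREFIX.match(cmd)) and not DANGEROUS.search(cmd)


# --- What the shell would evaluate first -----------------------------------
# Both $(...) and `...` are expanded by the shell before the allowed command
# (git) is started, so whatever is inside runs regardless of the prefix.
SUBSTITUTION = re.compile(r"\$\([^)]*\)|`[^`]*`")


def find_substitutions(cmd: str) -> list:
    """Return every command-substitution span the shell would evaluate."""
    return SUBSTITUTION.findall(cmd)


# --- Hardened checker -------------------------------------------------------
# 1. Refuse any character the shell would treat as substitution, expansion,
#    redirection or chaining before the allowlist is even consulted.
# 2. Tokenize with POSIX shlex rules and allowlist the argv shape, so the
#    decision is made on the exact tokens a shell-free exec would receive.
# Rejecting every "$", "(" and "`" is deliberately conservative: a benign
# grep pattern containing parentheses falls back to human review.
SHELL_META = re.compile(r"[$`;&|<>(){}\n]")
ALLOWED_GIT_SUBCOMMANDS = {"log", "status", "diff", "show"}  # assumption


def hardened_auto_approve(cmd: str):
    """Return the argv list to run with subprocess.run(argv) (shell=False),
    or None when the command must go to a human for approval."""
    if SHELL_META.search(cmd):
        return None
    try:
        argv = shlex.split(cmd, posix=True)
    except ValueError:  # unbalanced quotes: do not guess, ask the user
        return None
    if len(argv) < 2 or argv[0] != "git" or argv[1] not in ALLOWED_GIT_SUBCOMMANDS:
        return None
    return argv


if __name__ == "__main__":
    for cmd in (BENIGN, PAYLOAD_DOLLAR, PAYLOAD_BACKTICK):
        print(f"{cmd!r}")
        print("  naive approves:   ", naive_auto_approve(cmd))
        print("  shell would run:  ", find_substitutions(cmd))
        print("  hardened argv:    ", hardened_auto_approve(cmd))
```

The second half of the fix matters as much as the checker: executing the returned argv with `subprocess.run(argv)` (no `shell=True`) means that even a string like `--grep=$(id)` reaches git as an inert literal, because no shell ever sees it. Any approval logic that still hands a string to `/bin/sh -c` has to reject shell metacharacters outright, as `SHELL_META` does, rather than enumerate known-bad commands.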

Affected Systems

The vulnerability affects Ridvay's Auto‑Approval Module. No explicit version range is provided by the authors, so all builds of the module should be considered vulnerable until a patch is issued.

Risk and Exploitability

The CVSS score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates critical severity. The EPSS score of less than 1% suggests current exploit prevalence is low, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation requires an attacker to get a crafted command string in front of the module; whether that is reachable over public interfaces or only by an authenticated user depends on the deployment. The exploitation path is that the module parses the command string, misclassifies it as a safe git operation, and hands it to the underlying shell, which evaluates the embedded substitution and yields remote code execution.

Generated by OpenCVE AI on April 3, 2026 at 18:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security patch released by Ridvay for the Auto‑Approval Module. If a patch is not yet available, contact Ridvay support for an advisory or an interim fix.


Advisories

No advisories yet.

History

Fri, 03 Apr 2026 21:30:00 +0000

Type                 Values Removed   Values Added
Title                                 OS Command Injection in Ridvay Auto‑Approval Module

Fri, 03 Apr 2026 16:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Ridvay auto-approval Module
CPEs                                  cpe:2.3:a:ridvay:auto-approval_module:*:*:*:*:*:*:*:*
Vendors & Products                    Ridvay auto-approval Module

Fri, 03 Apr 2026 10:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Ridvay
                                      Ridvay ridvay Code
Vendors & Products                    Ridvay
                                      Ridvay ridvay Code

Thu, 02 Apr 2026 20:30:00 +0000

Type                 Values Removed   Values Added
Title                                 Command Injection in Ridvay Code Auto‑Approval Module Enabling Remote Code Execution

Wed, 01 Apr 2026 23:45:00 +0000

Type                 Values Removed   Values Added
Metrics                               cvssV3_1
                                      {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
                                      ssvc
                                      {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 02:15:00 +0000

Type                 Values Removed   Values Added
Title                                 Command Injection in Ridvay Code Auto‑Approval Module Enabling Remote Code Execution
Weaknesses                            CWE-78

Tue, 31 Mar 2026 14:30:00 +0000

Type                 Values Removed   Values Added
Description                           Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard shell command substitution (specifically $(...) and backticks `...`). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T18:38:37.479Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30311

Vulnrichment

Updated: 2026-04-01T18:38:28.891Z

NVD

Status : Analyzed

Published: 2026-03-31T15:16:12.987

Modified: 2026-04-03T15:54:40.707

Link: CVE-2026-30311

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:17:51Z

Weaknesses