CVE-2026-30311 - Vulnerability Details

Description

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Ridvay Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.

Published: 2026-03-31

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

Ridvay Code implements an automatic command approval feature that uses fragile regular expressions to filter potentially dangerous commands. The filter fails to detect standard shell command‑substitution syntax such as $(…) or backticks, allowing an attacker to craft a benign-looking command like `git log --grep="$(malicious_command)"`. The system then incorrectly treats the command as safe, executes it through the underlying shell, and grants the attacker arbitrary code execution on the host without any user interaction.

Affected Systems

The flaw affects any installation of Ridvay Code that employs its auto‑approval module. No specific product version is identified in the advisory, so all current deployments of the module are potentially vulnerable.

Risk and Exploitability

The advisory does not disclose a CVSS score or EPSS value, and the issue has not been catalogued by CISA as a known exploited vulnerability. The attack vector is inferred to be the command submission interface of the auto‑approval module, which may be reachable by remote users or authorized administrators. An attacker only needs the ability to submit a command through this interface; the injected code is then executed directly by the shell, resulting in full compromise of the system, including loss of confidentiality, integrity, and availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor‑published patch for the auto‑approval module as soon as one becomes available.
Disable or remove the auto‑approval functionality if it is not required, or restrict it to a strictly defined whitelist of safe commands using robust validation rather than regular expressions.
Enforce strict access controls so that only trusted administrators can submit commands via the module.
Monitor process execution logs for unexpected shell command patterns.
If a patch is not available in the short term, avoid using the auto‑approval module until the vulnerability is addressed.

Generated by OpenCVE AI on March 31, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/8
https://ridvay.com/

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		Command Injection in Ridvay Code Auto‑Approval Module Enabling Remote Code Execution
Weaknesses		CWE-78

Tue, 31 Mar 2026 14:30:00 +0000

Type	Values Removed	Values Added
Description		Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Ridvay Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.
References		https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/8 https://ridvay.com/

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-31T00:00:00.000Z

Updated: 2026-03-31T14:06:50.846Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30311

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-31T15:16:12.987

Modified: 2026-03-31T15:16:12.987

Link: CVE-2026-30311

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T19:56:59Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object