Description
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log, a literal newline, then malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.
Published: 2026-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The DSAI-Cline command auto‑approval module contains an operating‑system command injection flaw. The security check relies on string parsing that removes known dangerous operators but neglects newline characters. An attacker can inject a real newline after a whitelisted command, causing the system to treat the following text as a separate command executed by PowerShell. This leads to execution of arbitrary commands without user interaction, compromising confidentiality, integrity, and availability of the host.

Affected Systems

The vulnerability is found in DSAI‑Cline’s auto‑approval feature. No specific product release or version is indicated, so any deployment relying on this module is potentially affected until an update is applied.

Risk and Exploitability

With a CVSS score of 9.8, the flaw is classified as critical, and the EPSS score of <1 % indicates a low probability of exploitation by attackers in the wild. The vulnerability is not listed in the CISA KEV catalog, but the high severity and ability to trigger arbitrary code underscore the need for urgent mitigation. The attack vector is inferred to be local input to the auto‑approval service, and the exploit requires only that the attacker can supply a payload via the standard command interface.

Generated by OpenCVE AI on April 2, 2026 at 22:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the vendor‑issued patch or update to a version that removes the newline‑based injection issue.
  • Disable the auto‑approval feature until a secure patch is applied.
  • Implement a strict whitelist that excludes newline characters from command inputs and verifies the entirety of the command string against allowed patterns.
  • Configure the environment to restrict PowerShell execution policies or to run the service with limited privileges.
  • Monitor system logs for unusual command execution patterns and maintain an incident response plan.

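The two validators below are an added illustration of the flaw described in this record and of the whitelist recommendation above; they are not DSAI-Cline's or Cline's code, and the allowlist contents, function names and the audit-log format are constructed assumptions. The weak check mirrors the described behaviour (it searches for known operators and then only checks the command's prefix), so a command containing a raw newline passes it. The hardened check rejects any control character before it looks at operators and requires the whole command to match an allowed pattern. The audit helper runs the hardened check over records of past auto-approvals, which is one way to act on the monitoring recommendation.

```typescript
// Added illustration, not DSAI-Cline's code. Names and allowlist are assumptions.

// Constructed allowlist of commands the assistant may run without confirmation.
const ALLOWED_PREFIXES = ["git log", "git status", "npm test"];

// Weak check modelled on the behaviour described in the advisory: it blocks the
// usual shell operators and substitution syntax, then asks only whether the
// string STARTS WITH an allowed command. A raw "\n" is never considered, yet
// PowerShell treats it as a statement separator.
function weakIsAutoApprovable(cmd: string): boolean {
  const blockedOperators = [";", "&&", "||", "|", "$(", "`"];
  if (blockedOperators.some((op) => cmd.includes(op))) return false;
  return ALLOWED_PREFIXES.some((p) => cmd.startsWith(p));
}

// Hardened check: whole-command patterns instead of prefixes. Arguments are
// restricted to a conservative character set.
const ALLOWED_PATTERNS: RegExp[] = [
  /^git log(?: [\w./=-]+)*$/,
  /^git status$/,
  /^npm test$/,
];

function hardenedIsAutoApprovable(cmd: string): boolean {
  // Reject every C0/C1 control character up front. This covers "\n" (0x0A),
  // "\r" (0x0D), tab and NUL, so a multi-line payload never reaches the
  // operator check or the allowlist.
  if (/[\u0000-\u001f\u007f-\u009f]/.test(cmd)) return false;
  // Reject PowerShell separators, pipes, grouping and expansion characters
  // anywhere in the string, not just as known multi-character operators.
  if (/[;&|`$(){}<>]/.test(cmd)) return false;
  // Normalise spacing, then require the ENTIRE command to match one pattern.
  const normalized = cmd.trim().replace(/ {2,}/g, " ");
  return ALLOWED_PATTERNS.some((re) => re.test(normalized));
}

// Audit helper: given newline-delimited JSON records of what the assistant
// auto-approved (constructed format), return every command that the hardened
// check would NOT have approved. Such entries are candidates for review.
function findSuspiciousApprovals(jsonLines: string): string[] {
  const hits: string[] = [];
  for (const line of jsonLines.split("\n")) {
    if (!line.trim()) continue;
    const rec = JSON.parse(line) as { command: string; autoApproved: boolean };
    if (rec.autoApproved && !hardenedIsAutoApprovable(rec.command)) {
      hits.push(rec.command);
    }
  }
  return hits;
}

// Constructed sample log. Inside the JSON string values, "\\n" is an escaped
// newline, so JSON.parse yields a command containing a real line break.
const SAMPLE_AUDIT_LOG = [
  '{"command":"git status","autoApproved":true}',
  '{"command":"git log\\nmalicious_command","autoApproved":true}',
  '{"command":"rm -rf build","autoApproved":false}',
].join("\n");

// Stand-alone demonstration: the second record is flagged, the others are not.
console.log("weak check approves newline payload:",
  weakIsAutoApprovable("git log\nmalicious_command"));
console.log("hardened check approves newline payload:",
  hardenedIsAutoApprovable("git log\nmalicious_command"));
console.log("suspicious past approvals:", findSuspiciousApprovals(SAMPLE_AUDIT_LOG));
```

The design point is ordering: control characters and metacharacters are rejected before any allowlist comparison, and the allowlist is a set of anchored whole-command patterns, so there is no way for trailing text after a permitted prefix to be carried along unchecked.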
Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title OS Command Injection via Newline in DSAI‑Cline Auto‑Approval Module
First Time appeared Necboy
Necboy dsaic-line
Vendors & Products Necboy
Necboy dsaic-line

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Command Injection Vulnerability in DSAI-Cline Auto-Approval Module
Weaknesses CWE-20

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Command Injection Vulnerability in DSAI-Cline Auto-Approval Module
Weaknesses CWE-20
CWE-78

Tue, 31 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.
References

Subscriptions

Necboy Dsaic-line
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T18:37:51.891Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30312

Vulnrichment

Updated: 2026-04-01T18:37:45.771Z

NVD

Status : Awaiting Analysis

Published: 2026-03-31T15:16:13.110

Modified: 2026-04-01T19:16:30.667

Link: CVE-2026-30312

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:19:37Z

Weaknesses