Description
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log, followed by a newline, followed by malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.
Published: 2026-03-31
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
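The following Python model is an added illustration, not code from DSAI-Cline or from this advisory. It reproduces the string-based check the description outlines (reject known operators, then match the command prefix against a whitelist) beside a hardened variant that rejects embedded line terminators and other control characters before matching, and a helper that flags inputs the weak check would approve but the hardened check would not. The whitelist, function names and sample inputs are constructed for the example.

```python
import re

# Constructed whitelist for the example; the real module's list is not on the page.
ALLOWED_COMMANDS = {"git log", "git status", "ls"}

# Operators the advisory says the original parser intercepts.
SEPARATORS = re.compile(r"(;|&&|\|\||\||\$\(|`)")
# Line terminators (LF, CR) and other control characters the weak check ignores.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def weak_is_auto_approved(cmd: str) -> bool:
    """Model of the flawed check: reject known operators, then accept any
    input whose prefix is a whitelisted command. A raw newline slips through."""
    if SEPARATORS.search(cmd):
        return False
    return any(cmd.startswith(allowed) for allowed in ALLOWED_COMMANDS)


def hardened_is_auto_approved(cmd: str) -> bool:
    """Reject any control character before the whitelist match, require the
    whitelisted command to be a whole token (not just a prefix), and allow
    only plain option/argument tokens in the remainder of the line."""
    if CONTROL_CHARS.search(cmd) or SEPARATORS.search(cmd):
        return False
    for allowed in ALLOWED_COMMANDS:
        if cmd == allowed or cmd.startswith(allowed + " "):
            tail = cmd[len(allowed):].split()
            # Flags and simple arguments only; no shell metacharacters.
            return all(re.fullmatch(r"[\w.\-/=]+", t) for t in tail)
    return False


def find_bypass_attempts(cmds):
    """Detection helper for reviewing an approval log: inputs the weak check
    approves but the hardened check rejects are bypass candidates."""
    return [c for c in cmds
            if weak_is_auto_approved(c) and not hardened_is_auto_approved(c)]


if __name__ == "__main__":
    # Constructed sample inputs; the second embeds a literal newline.
    samples = ["git log --oneline", "git log\necho injected", "git log; echo injected"]
    print(find_bypass_attempts(samples))  # ['git log\necho injected']
```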
AI Analysis

Impact

This vulnerability allows an attacker to inject arbitrary operating system commands by embedding a newline character into input that the application processes as a single whitelisted command. The command auto‑approval module disregards raw newline characters, causing the PowerShell interpreter to treat the newline as a command separator and execute both the whitelisted command and any following malicious code. As a result, an attacker can achieve Remote Code Execution on the host without user interaction.

Affected Systems

The defect resides in the command auto‑approval module of the DSAI‑Cline system. No explicit vendor or product versions are listed in the advisory, so the vulnerability applies to all deployments of that module where the newline bypass has not been mitigated.

Risk and Exploitability

The risk is high due to the remote code execution capability and the lack of any known public patches. While no EPSS score or KEV listing is available, the attack surface is likely exposed to any user capable of submitting commands to the auto‑approval mechanism. An attacker can construct a payload such as 'git log' followed by a newline and 'malicious_command' to trick the system into executing arbitrary code. The vulnerability therefore carries a high likelihood of exploitation in environments where the module is enabled.

Generated by OpenCVE AI on March 31, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the command auto‑approval module to prevent the flaw from being triggered until a fix is available.
  • Apply any vendor‑issued patch or update that addresses the command injection issue as soon as it is released.
  • Remove or tightly restrict newline characters or other command separators from user input before it is passed to the PowerShell interpreter.
  • Limit the privileges granted to PowerShell when executing user‑supplied commands.
  • Review logs for anomalous command execution and audit the system regularly.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Values added:
  Title: Command Injection Vulnerability in DSAI-Cline Auto-Approval Module
  Weaknesses: CWE-20, CWE-78

Tue, 31 Mar 2026 14:30:00 +0000

Values added:
  Description: (identical to the Description section above)
  References:

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T13:41:56.256Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30312

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-31T15:16:13.110

Modified: 2026-03-31T15:16:13.110

Link: CVE-2026-30312

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T19:56:58Z

Weaknesses