CVE-2026-30313 - Vulnerability Details

Description

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.

Published: 2026-03-30

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is an OS command injection flaw in DSAI-Cline’s command auto‑approval module. The module validates input by string‑based parsing and blocks many dangerous operators, but it ignores raw newline characters. An attacker can embed a literal newline between an allowed command and additional malicious code, causing the PowerShell interpreter to treat them as separate commands. This results in the execution of arbitrary commands without any user interaction.

Affected Systems

DSAI-Cline’s command auto‑approval module is affected. Specific vendor and product names are not listed, and no version details are provided. The flaw likely exists in all deployed versions of the module that use this validation approach.

Risk and Exploitability

The CVE does not have an EPSS score or KEV listing, but the description indicates a high severity Remote Code Execution risk. Attack likely requires remote access to the system that receives user-supplied commands, with most exploits exploiting the newline injection path. No official patch is referenced, so the likelihood of exploitation remains high until a fix is deployed.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Identify all installations of the DSAI-Cline command auto‑approval module
Disable or restrict auto‑approval functionality until a patch is available
Patch the module or update to a newer version once a vendor fix is released
Remove newline characters from command input validation logic
Implement strict command whitelisting without relying on string parsing
Monitor logs for unauthorized command execution attempts

Generated by OpenCVE AI on March 31, 2026 at 05:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00157.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9
https://github.com/necboy/cline-DSAI

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		OS Command Injection via Newline Injection in DSAI-Cline Command Auto‑Approval Module
Weaknesses		CWE-78

Tue, 31 Mar 2026 03:00:00 +0000

Type	Values Removed	Values Added
Description		DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, \|\|, \|, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.
References		https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9 https://github.com/necboy/cline-DSAI

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-30T00:00:00.000Z

Updated: 2026-03-30T20:28:40.832Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30313

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-30T21:17:09.230

Modified: 2026-03-30T21:17:09.230

Link: CVE-2026-30313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:00:20Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object