Description
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log followed by a literal newline and then malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.
Published: 2026-03-30
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

DSAI‑Cline’s auto‑approval module contains a critical OS command injection flaw that disables its whitelist security. The module parses command strings and blocks dangerous operators such as ';', '&&', '||', '|', and command substitution, but fails to sanitize literal newline characters. An attacker can craft a payload that inserts a newline between a whitelisted command and malicious code, causing the underlying PowerShell interpreter to treat the newline as a command separator and execute both commands. This results in Remote Code Execution without any user interaction.

Affected Systems

The vulnerable component is the auto‑approval function of the DSAI‑Cline product. No specific version numbers are listed, so any installation that includes this component may be exposed.

Risk and Exploitability

The vulnerability has a CVSS score of 9.8, indicating critical severity. The EPSS score of less than 1% suggests a low probability of exploitation in the current threat landscape, and it is not yet listed in the CISA KEV catalog. Exploitation requires the attacker to provide input to the auto‑approval interface, which could be via an API, script, or other integration. The requirement for such access limits immediate surface exposure, but the potential for remote code execution makes the risk critical.

Generated by OpenCVE AI on April 8, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or update that corrects newline handling in DSAI‑Cline’s auto‑approval logic.
  • Until a patch is available, disable the auto‑approval feature or restrict its use to commands that cannot contain newline characters.
  • Implement input sanitization to strip or escape raw newline characters before constructing the command.
  • Monitor system logs for unexpected command execution and review configurations that might allow command injection.
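To make the flaw described above and the sanitization recommendation concrete, here is an example added to this page; it is not DSAI-Cline's or Cline's code. It models the weak string-based check (a separator blocklist plus a prefix match, which never inspects newlines) beside a hardened check that rejects every ASCII control character and compares whole tokens against an allowlist rather than a prefix, and it adds a small log-review helper for the monitoring recommendation. The allowlist, the approval-log record format, the function names and the sample log lines are all assumptions constructed for the example; the hardened check deliberately goes further than the page (it also rejects a few Unicode line separators as a precaution).

```typescript
// Added example; not DSAI-Cline code. Hypothetical allowlist of commands an
// agent may run without asking.
const ALLOWED_COMMANDS: string[] = ["git log", "git status", "ls"];

// Weak check, modelled on the behaviour the advisory describes: it blocks the
// usual shell operators and command substitution, but never looks at \n or \r,
// and it only checks that the string *starts* with an allowlisted command.
function weakAutoApprove(command: string): boolean {
  const blockedOperators = [";", "&&", "||", "|", "$(", "`"];
  if (blockedOperators.some((op) => command.includes(op))) return false;
  return ALLOWED_COMMANDS.some((allowed) => command.startsWith(allowed));
}

// Hardened check.
// 1. Reject any ASCII control character (0x00-0x1F, 0x7F): newline and carriage
//    return are command separators for the shell; the rest have no business in
//    a command line either. U+0085/U+2028/U+2029 are rejected as a precaution.
// 2. Keep the operator blocklist, extended with redirection and background '&'.
// 3. Require the command, split on whitespace, to begin with the exact tokens of
//    one allowlisted entry ("git logs" must not match "git log").
function hardenedAutoApprove(command: string): boolean {
  if (/[\x00-\x1f\x7f\u0085\u2028\u2029]/.test(command)) return false;
  const blockedOperators = [";", "&&", "||", "|", "&", "$(", "`", ">", "<"];
  if (blockedOperators.some((op) => command.includes(op))) return false;
  const tokens = command.trim().split(/\s+/);
  return ALLOWED_COMMANDS.some((allowed) => {
    const allowedTokens = allowed.split(" ");
    return allowedTokens.every((tok, i) => tokens[i] === tok);
  });
}

// Detection aid for the "monitor system logs" recommendation. Assumed log
// format: one JSON object per line with ts, approved and command fields.
type ApprovalRecord = { ts: string; approved: boolean; command: string };

function parseRecord(line: string): ApprovalRecord | null {
  try {
    const rec = JSON.parse(line);
    return rec && typeof rec.command === "string" ? (rec as ApprovalRecord) : null;
  } catch (_e) {
    return null; // malformed line: skip rather than abort the sweep
  }
}

// Returns the commands that were auto-approved despite containing CR or LF;
// any hit is a sign the weak check was in use and warrants review.
function findNewlineApprovals(logLines: string[]): string[] {
  const hits: string[] = [];
  for (const line of logLines) {
    const rec = parseRecord(line);
    if (rec && rec.approved && /[\r\n]/.test(rec.command)) hits.push(rec.command);
  }
  return hits;
}

// Constructed sample log (not real data). The second record is the pattern the
// advisory describes: an allowlisted command, a raw newline, a second command.
const SAMPLE_LOG: string[] = [
  JSON.stringify({ ts: "2026-04-01T00:00:00Z", approved: true, command: "git status" }),
  JSON.stringify({ ts: "2026-04-01T00:00:01Z", approved: true, command: "git log\nwhoami" }),
  JSON.stringify({ ts: "2026-04-01T00:00:02Z", approved: false, command: "git log; whoami" }),
  "not json at all",
];

console.log("weak approves newline payload:", weakAutoApprove("git log\nwhoami"));
console.log("hardened approves newline payload:", hardenedAutoApprove("git log\nwhoami"));
console.log("suspicious approvals in log:", findNewlineApprovals(SAMPLE_LOG));
```

The point of the token comparison is that "fix the newline" alone is not enough: a prefix match also lets any binary whose name merely starts with an allowlisted word through, so the allowlist should be compared token by token and the first line of defence should be a control-character reject, not a growing list of separators.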

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title OS Command Injection via Newline in DSAI-Cline Auto-Approval

Wed, 08 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Cline
Cline cline
CPEs cpe:2.3:a:cline:cline:*:*:*:*:*:*:*:*
Vendors & Products Cline
Cline cline

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title OS Command Injection via Newline in DSAI-Cline Auto-Approval
First Time appeared Necboy
Necboy cline-dsai
Vendors & Products Necboy
Necboy cline-dsai

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title OS Command Injection via Newline Injection in DSAI-Cline Command Auto‑Approval Module
Weaknesses CWE-78

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title OS Command Injection via Newline Injection in DSAI-Cline Command Auto‑Approval Module
Weaknesses CWE-78

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.

References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T18:02:43.962Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30313

Vulnrichment

Updated: 2026-04-01T18:02:33.935Z

NVD

Status : Analyzed

Published: 2026-03-30T21:17:09.230

Modified: 2026-04-08T15:38:06.820

Link: CVE-2026-30313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:00:47Z

Weaknesses