CVE-2026-30309 in InfCodeinformación

Resumen (Inglés)

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.

Responsable

MITRE

Reservar

2026-03-04

Divulgación

2026-03-31

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
354394InfCode escalada de privilegios94No está definidoNo está definidoCVE-2026-30309

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!