CVE-2025-65946

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Roo Code versions prior to 3.26.7

Description Roo Code, an AI-powered autonomous coding agent, had a validation error that allowed it to automatically execute commands not on the approved list of prefixes. This occurred in versions before 3.26.7. The issue was addressed with a patch in version 3.26.7.

Recommendations Update Roo Code to version 3.26.7 or later.

Exploit

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-77

Related Identifiers

CVE-2025-65946

GHSA-HWM7-W97P-4H8P

Affected Products

Robocode

CVE-2025-65946

Weakness Enumeration

Related Identifiers

Affected Products

References · 10