PT-2026-29119 · Sakadev · Sakadev

Secsys-Fdu · Published 2026-03-30 · Updated 2026-04-08 · CVE-2026-30306

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SakaDev (affected versions not specified)

Description

SakaDev’s automatic terminal command execution feature, designed with ‘safe’ and ‘all commands’ options, is prone to prompt injection attacks. The system aims to automatically execute commands deemed safe by its model, requiring user approval for potentially destructive commands. However, an attacker can bypass this safety mechanism by crafting prompts that mislead the model into classifying malicious commands as safe, leading to arbitrary command execution. The design flaw allows attackers to use a generic template to wrap malicious commands, circumventing the user approval requirement.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
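
The design flaw described above is that the model's own "safe" verdict decides whether the approval prompt is skipped. The following is an added example, not SakaDev code and not a vendor fix: a deterministic gate in which that verdict can only add an approval requirement and never remove one. The allowlist contents, function names and sample commands are assumptions made for illustration.

```python
import shlex

# Hypothetical allowlist: programs assumed read-only enough to auto-run.
AUTO_RUN = {"ls", "pwd", "whoami"}
# Characters that let one string chain, substitute or redirect commands.
SHELL_META = set(";&|<>`$(){}\\\n")


def requires_approval(command: str, model_says_safe: bool) -> bool:
    """Return True when a human must approve the command before it runs."""
    if not model_says_safe:
        return True  # the model can only add friction, never remove it
    if any(ch in SHELL_META for ch in command):
        return True  # chaining or substitution can hide a second command
    try:
        argv = shlex.split(command)
    except ValueError:
        return True  # unbalanced quoting: refuse to guess
    return not argv or argv[0] not in AUTO_RUN


# Constructed samples: (command, verdict the model returned).
SAMPLES = [
    ("ls -la src", True),
    ("pwd", False),
    ("rm -rf ./build", True),
    ("pwd && rm -rf ./build", True),
    ("ls 'unterminated", True),
]


def triage(samples):
    """Map each sample command to 'auto-run' or 'ask user'."""
    return {cmd: "ask user" if requires_approval(cmd, ok) else "auto-run"
            for cmd, ok in samples}


if __name__ == "__main__":
    for cmd, decision in triage(SAMPLES).items():
        print(f"{decision:9} {cmd!r}")
```

A gate like this only holds if the approved command is then executed as an argument vector without a shell, so the string that was checked is the string that runs.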

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-30306

Affected Products

Sakadev