CVE-2026-30308

Name of the Vulnerable Software and Affected Versions HAI Build Code Generator (affected versions not specified)

Description The software’s design for automatic terminal command execution, offering ‘Execute safe commands’ and ‘Execute all commands’ options, is susceptible to prompt injection attacks. The ‘Execute safe commands’ option, intended to automatically execute only commands deemed safe by the model, can be bypassed. An attacker can use a template to disguise malicious commands as safe, circumventing the user approval requirement and enabling arbitrary command execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.