CVE-2026-30310

Name of the Vulnerable Software and Affected Versions Sixth (affected versions not specified)

Description The software features automatic terminal command execution with two modes: 'Execute safe commands' and 'Execute all commands'. The 'Execute safe commands' mode is designed to automatically run commands deemed safe by the model, requiring user approval for potentially destructive commands. However, this design is prone to prompt injection attacks. An attacker can use a template to disguise malicious commands as 'safe' commands, bypassing the approval requirement and enabling arbitrary command execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.