CVE-2026-30311

Name of the Vulnerable Software and Affected Versions Ridvay Code (affected versions not specified)

Description The command auto-approval module in Ridvay Code has a critical OS command injection issue that bypasses its whitelist security. The system uses weak regular expressions to analyze commands, failing to prevent Shell command substitution using $(...) and backticks (...). An attacker can inject malicious code into commands, such as git log --grep="$(malicious command)", which the system incorrectly identifies as safe, leading to Remote Code Execution without user interaction. The whitelist security mechanism is ineffective. The vulnerable component relies on fragile regular expressions to parse command structures. The underlying Shell prioritizes the execution of the malicious code injected within the arguments.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.