{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30305", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T17:54:58.551Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T19:39:53.648Z"}, "descriptions": [{"lang": "en", "value": "Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://syntx.dev/"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T17:53:55.044520Z", "id": "CVE-2026-30305", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T17:54:58.551Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T17:53:55.044520Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T17:54:51.314Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://syntx.dev/"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5"}], "descriptions": [{"lang": "en", "value": "Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T19:39:53.648Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30305", "state": "PUBLISHED", "dateUpdated": "2026-04-01T17:54:58.551Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}, {"lang": "es", "value": "El m\u00f3dulo de autoaprobaci\u00f3n de comandos de Syntx contiene una vulnerabilidad cr\u00edtica de inyecci\u00f3n de comandos del sistema operativo que hace que su mecanismo de seguridad de lista blanca sea completamente ineficaz. El sistema se basa en expresiones regulares fr\u00e1giles para analizar estructuras de comandos; si bien intenta interceptar operaciones peligrosas, no tiene en cuenta la sintaxis est\u00e1ndar de sustituci\u00f3n de comandos de Shell (espec\u00edficamente $(...) y acentos graves ...). Un atacante puede construir un comando como 'git log --grep=\"$(malicious_command)\"', lo que obliga a Syntx a identificarlo err\u00f3neamente como una operaci\u00f3n git segura y aprobarlo autom\u00e1ticamente. La Shell subyacente prioriza la ejecuci\u00f3n del c\u00f3digo malicioso inyectado dentro de los argumentos, lo que resulta en ejecuci\u00f3n remota de c\u00f3digo sin ninguna interacci\u00f3n del usuario."}], "id": "CVE-2026-30305", "lastModified": "2026-04-01T18:16:28.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T20:16:21.087", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5"}, {"source": "cve@mitre.org", "url": "https://syntx.dev/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-30T20:25:00.028916+00:00", "value": {"mitigation_remediation": ["Verify if an updated release of Syntx addresses the regex flaw and apply that patch;", "If no patch is available, disable the command auto\u2011approval feature or enforce strict input validation so that only pre\u2011approved, non\u2011variable git commands are allowed;", "Audit logs for unexpected git commands and monitor for signs of unauthorized shell execution;", "Consider removing any shell command substitution capability from trusted input sources until a proper fix is in place."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Syntx\u2019s command auto\u2011approval feature is affected. No vendor product naming or version details were supplied, indicating that the weakness exists in the Syntx platform\u2019s current implementation of the auto\u2011approval component.", "description_and_impact": "The vulnerability arises from Syntx\u2019s command auto\u2011approval module using fragile regular expressions to parse shell commands. The module mistakenly treats dangerous Shell substitution syntax\u2014such as $(\u2026) or backticks\u2014as benign, allowing an attacker to embed arbitrary shell code inside a seemingly safe git command. When the system authorizes the command, the underlying shell executes the injected payload, giving the attacker unrestricted command execution on the host without any user interaction.", "risk_and_exploitability": "The vulnerability is severe, with a potential for full system compromise, and the exploitation path requires only the ability to submit a command string to the module. Because no user confirmation is needed, an adversary with such access can achieve remote code execution. While CVSS and EPSS scores are not listed, the lack of mitigation in the auto\u2011approval logic and the lack of a KEV entry suggest that the threat is real and could be leveraged in the wild. Exploitation appears straightforward once the string injection is possible, making it a high\u2011risk vulnerability."}}}}, "created": "2026-03-30T20:56:14.936902+00:00", "title": "OS Command Injection via Weak Shell Parsing in Syntx Command Auto-Approval", "updated": "2026-03-30T20:56:14.936928+00:00", "vendors": [], "weaknesses": ["CWE-78"]}