{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30313", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:02:43.962Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T20:28:40.832Z"}, "descriptions": [{"lang": "en", "value": "DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/necboy/cline-DSAI"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:01:59.801092Z", "id": "CVE-2026-30313", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:02:43.962Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30313", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:02:43.962Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T20:28:40.832Z"}, "descriptions": [{"lang": "en", "value": "DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/necboy/cline-DSAI"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:01:59.801092Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:02:33.935Z"}}]}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction."}, {"lang": "es", "value": "El m\u00f3dulo de autoaprobaci\u00f3n de comandos de DSAI-Cline contiene una vulnerabilidad cr\u00edtica de inyecci\u00f3n de comandos del sistema operativo que hace que su mecanismo de seguridad de lista blanca sea completamente ineficaz. El sistema se basa en el an\u00e1lisis de cadenas para validar comandos; si bien intercepta operadores peligrosos como ;, &&, ||, | y patrones de sustituci\u00f3n de comandos, no tiene en cuenta los caracteres de nueva l\u00ednea sin procesar incrustados en la entrada. Un atacante puede construir una carga \u00fatil incrustando una nueva l\u00ednea literal entre un comando de lista blanca y c\u00f3digo malicioso (por ejemplo, git log malicious_command), lo que obliga a DSAI-Cline a identificarlo err\u00f3neamente como una operaci\u00f3n segura y aprobarlo autom\u00e1ticamente. El int\u00e9rprete de PowerShell subyacente trata la nueva l\u00ednea como un separador de comandos, ejecutando ambos comandos secuencialmente, lo que resulta en ejecuci\u00f3n remota de c\u00f3digo sin ninguna interacci\u00f3n del usuario."}], "id": "CVE-2026-30313", "lastModified": "2026-04-01T19:16:30.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T21:17:09.230", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9"}, {"source": "cve@mitre.org", "url": "https://github.com/necboy/cline-DSAI"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-31T05:41:47.848776+00:00", "value": {"mitigation_remediation": ["Identify all installations of the DSAI-Cline command auto\u2011approval module", "Disable or restrict auto\u2011approval functionality until a patch is available", "Patch the module or update to a newer version once a vendor fix is released", "Remove newline characters from command input validation logic", "Implement strict command whitelisting without relying on string parsing", "Monitor logs for unauthorized command execution attempts"], "summary": {"action": "Apply Fix", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "DSAI-Cline\u2019s command auto\u2011approval module is affected. Specific vendor and product names are not listed, and no version details are provided. The flaw likely exists in all deployed versions of the module that use this validation approach.", "description_and_impact": "The vulnerability is an OS command injection flaw in DSAI-Cline\u2019s command auto\u2011approval module. The module validates input by string\u2011based parsing and blocks many dangerous operators, but it ignores raw newline characters. An attacker can embed a literal newline between an allowed command and additional malicious code, causing the PowerShell interpreter to treat them as separate commands. This results in the execution of arbitrary commands without any user interaction.", "risk_and_exploitability": "The CVE does not have an EPSS score or KEV listing, but the description indicates a high severity Remote Code Execution risk. Attack likely requires remote access to the system that receives user-supplied commands, with most exploits exploiting the newline injection path. No official patch is referenced, so the likelihood of exploitation remains high until a fix is deployed."}}}}, "created": "2026-03-31T20:00:20.259834+00:00", "title": "OS Command Injection via Newline Injection in DSAI-Cline Command Auto\u2011Approval Module", "updated": "2026-03-31T20:00:20.259860+00:00", "vendors": [], "weaknesses": ["CWE-78"]}