{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30309", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-31T15:15:28.893Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-31T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T13:48:10.148Z"}, "descriptions": [{"lang": "en", "value": "InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.tokfinity.com/infcode"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/11"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T15:13:25.258792Z", "id": "CVE-2026-30309", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:15:28.893Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30309", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T15:13:25.258792Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:11:13.504Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.tokfinity.com/infcode"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/11"}], "descriptions": [{"lang": "en", "value": "InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T13:48:10.148Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30309", "state": "PUBLISHED", "dateUpdated": "2026-03-31T15:15:28.893Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-31T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tokfinity:infcode:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3D12CD1-2D4A-40B2-B18B-A5CCB61891E4", "versionEndIncluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage."}], "id": "CVE-2026-30309", "lastModified": "2026-04-14T15:49:43.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T15:16:12.863", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/11"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.tokfinity.com/infcode"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "infcode", "vendor": "tokfinity"}], "analysis": {"en": {"generated_at": "2026-04-14T18:10:15.193363+00:00", "value": {"mitigation_remediation": ["Verify whether your InfCode installation includes the vulnerable terminal module and update to the latest release once a vendor fix is available.", "If possible, disable the terminal auto\u2011execution feature or enforce a stricter command whitelist to block PowerShell execution.", "Avoid importing files from untrusted sources and monitor file\u2011open activity for suspicious commands.", "Contact Tokfinity support for specific advisories or mitigations and keep an eye on security announcements."], "summary": {"action": "Assess Impact", "impact": "Arbitrary PowerShell command execution"}, "threat_synthesis": {"affected_systems": "Tokfinity InfCode software \u2013 any release containing the terminal auto\u2011execution feature is vulnerable. No specific version numbers are listed, but the issue affects all builds that include this module.", "description_and_impact": "A flaw in InfCode\u2019s terminal auto\u2011execution module disables its blacklist filtering, allowing malicious PowerShell commands to run without user consent. The filtration logic fails to block high\u2011risk commands such as \"powershell\" and cannot detect obfuscation techniques like string concatenation, variable assignment, or double\u2011quote interpolation. Attackers can embed these commands in a file that, when opened in the IDE, causes the Agent to execute them, leading to arbitrary code execution or sensitive data leakage.", "risk_and_exploitability": "The CVSS score of 7.8 categorizes the vulnerability as high severity, yet the <1% EPSS score suggests that exploitation is presently unlikely. It is not listed in the CISA KEV catalog, so no widespread exploitation has been documented. The attack is inferred to be a local or supply\u2011chain vector: an attacker must supply a crafted file that a user imports into the IDE; no remote network entry is described."}}}}, "created": "2026-03-31T19:56:59.967712+00:00", "updated": "2026-04-15T16:45:09.790358+00:00", "vendors": ["tokfinity", "tokfinity$PRODUCT$infcode"]}