{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30313", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:02:43.962Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T20:28:40.832Z"}, "descriptions": [{"lang": "en", "value": "DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/necboy/cline-DSAI"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:01:59.801092Z", "id": "CVE-2026-30313", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:02:43.962Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30313", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:02:43.962Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T20:28:40.832Z"}, "descriptions": [{"lang": "en", "value": "DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/necboy/cline-DSAI"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:01:59.801092Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:02:33.935Z"}}]}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cline:cline:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F2D265D-27A6-4037-B0AC-C85E27D00E31", "versionEndIncluding": "1.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction."}, {"lang": "es", "value": "El m\u00f3dulo de autoaprobaci\u00f3n de comandos de DSAI-Cline contiene una vulnerabilidad cr\u00edtica de inyecci\u00f3n de comandos del sistema operativo que hace que su mecanismo de seguridad de lista blanca sea completamente ineficaz. El sistema se basa en el an\u00e1lisis de cadenas para validar comandos; si bien intercepta operadores peligrosos como ;, &&, ||, | y patrones de sustituci\u00f3n de comandos, no tiene en cuenta los caracteres de nueva l\u00ednea sin procesar incrustados en la entrada. Un atacante puede construir una carga \u00fatil incrustando una nueva l\u00ednea literal entre un comando de lista blanca y c\u00f3digo malicioso (por ejemplo, git log malicious_command), lo que obliga a DSAI-Cline a identificarlo err\u00f3neamente como una operaci\u00f3n segura y aprobarlo autom\u00e1ticamente. El int\u00e9rprete de PowerShell subyacente trata la nueva l\u00ednea como un separador de comandos, ejecutando ambos comandos secuencialmente, lo que resulta en ejecuci\u00f3n remota de c\u00f3digo sin ninguna interacci\u00f3n del usuario."}], "id": "CVE-2026-30313", "lastModified": "2026-04-08T15:38:06.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T21:17:09.230", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/necboy/cline-DSAI"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "cline-dsai", "vendor": "necboy"}], "analysis": {"en": {"generated_at": "2026-04-08T16:53:14.619910+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011issued patch or update that corrects newline handling in DSAI\u2011Cline\u2019s auto\u2011approval logic.", "Until a patch is available, disable the auto\u2011approval feature or restrict its use to commands that cannot contain newline characters.", "Implement input sanitization to strip or escape raw newline characters before constructing the command.", "Monitor system logs for unexpected command execution and review configurations that might allow command injection."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerable component is the auto\u2011approval function of the DSAI\u2011Cline product. No specific version numbers are listed, so any installation that includes this component may be exposed.", "description_and_impact": "DSAI\u2011Cline\u2019s auto\u2011approval module contains a critical OS command injection flaw that disables its whitelist security. The module parses command strings and blocks dangerous operators such as ';', '&&', '||', '|', and command substitution, but fails to sanitize literal newline characters. An attacker can craft a payload that inserts a newline between a whitelisted command and malicious code, causing the underlying PowerShell interpreter to treat the newline as a command separator and execute both commands. This results in Remote Code Execution without any user interaction.", "risk_and_exploitability": "The vulnerability has a CVSS score of 9.8, indicating a high severity impact. The EPSS score of less than 1% suggests a low probability of exploitation in the current threat landscape, and it is not yet listed in the CISA KEV catalog. Exploitation requires the attacker to provide input to the auto\u2011approval interface, which could be via an API, script, or other integration. The requirement for such access limits immediate surface exposure, but the potential for remote code execution makes the risk critical."}}}}, "created": "2026-03-31T20:00:20.259834+00:00", "updated": "2026-04-08T20:00:47.099668+00:00", "vendors": ["necboy", "necboy$PRODUCT$cline-dsai"]}