{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30305", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T17:54:58.551Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T19:39:53.648Z"}, "descriptions": [{"lang": "en", "value": "Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://syntx.dev/"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T17:53:55.044520Z", "id": "CVE-2026-30305", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T17:54:58.551Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T17:53:55.044520Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T17:54:51.314Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://syntx.dev/"}, {"url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5"}], "descriptions": [{"lang": "en", "value": "Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T19:39:53.648Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30305", "state": "PUBLISHED", "dateUpdated": "2026-04-01T17:54:58.551Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:orangecat:syntx:*:*:*:*:*:*:*:*", "matchCriteriaId": "C007E1E0-65F2-4954-BCEC-CD58C6C23CA6", "versionEndIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."}, {"lang": "es", "value": "El m\u00f3dulo de autoaprobaci\u00f3n de comandos de Syntx contiene una vulnerabilidad cr\u00edtica de inyecci\u00f3n de comandos del sistema operativo que hace que su mecanismo de seguridad de lista blanca sea completamente ineficaz. El sistema se basa en expresiones regulares fr\u00e1giles para analizar estructuras de comandos; si bien intenta interceptar operaciones peligrosas, no tiene en cuenta la sintaxis est\u00e1ndar de sustituci\u00f3n de comandos de Shell (espec\u00edficamente $(...) y acentos graves ...). Un atacante puede construir un comando como 'git log --grep=\"$(malicious_command)\"', lo que obliga a Syntx a identificarlo err\u00f3neamente como una operaci\u00f3n git segura y aprobarlo autom\u00e1ticamente. La Shell subyacente prioriza la ejecuci\u00f3n del c\u00f3digo malicioso inyectado dentro de los argumentos, lo que resulta en ejecuci\u00f3n remota de c\u00f3digo sin ninguna interacci\u00f3n del usuario."}], "id": "CVE-2026-30305", "lastModified": "2026-04-08T16:01:38.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T20:16:21.087", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://syntx.dev/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "command_auto_approval_module", "vendor": "syntx"}], "analysis": {"en": {"generated_at": "2026-04-08T17:56:16.563729+00:00", "value": {"mitigation_remediation": ["Apply the latest Syntx patch that corrects the auto\u2011approval regex and disallows shell substitution syntax.", "If a patch is unavailable, disable the auto\u2011approval feature or restrict it to a tightly defined whitelist of safe commands.", "Sanitize and validate all command inputs to ensure that shell substitution characters are prohibited.", "Configure the Syntx process to run with the minimum necessary privileges, limiting the scope of any potential exploitation.", "Monitor and audit command execution logs for anomalous patterns and set up alerts for suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in the Syntx application from OrangeCat, as identified by the corresponding CPE. All releases that include the auto\u2011approval command module are potentially affected; specific version information is not provided, so any Syntx deployment should be considered at risk until verified otherwise.", "description_and_impact": "The Syntx auto\u2011approval module relies on fragile regular expressions to whitelist command structures, but it does not filter standard shell substitution syntax such as $(\u2026) or backticks. An attacker can craft a command like git log --grep=\"$(malicious_command)\" that the module mistakenly treats as a safe Git operation and automatically approves it. The underlying shell then executes the injected code, giving the attacker arbitrary execution privileges on the host. This flaw is a classic command injection vulnerability, classified as CWE\u201194, and leads to complete compromise of confidentiality, integrity and availability of the affected system.", "risk_and_exploitability": "With a CVSS score of 9.8 the flaw is considered catastrophic, enabling attackers to gain system\u2011level control. The EPSS score of less than 1% suggests that widespread exploitation is currently low, but the high severity and lack of a KEV listing do not mitigate the potential for targeted attacks. Exploitation likely occurs by submitting maliciously crafted commands to the auto\u2011approval interface, causing the shell to execute the payload without user interaction. The impact would be uncontrolled remote code execution."}}}}, "created": "2026-03-30T20:56:14.936902+00:00", "updated": "2026-04-08T20:00:50.218365+00:00", "vendors": ["syntx", "syntx$PRODUCT$command_auto_approval_module"]}