Cyber Posture

CVE-2026-30302

Critical · RCE

Published: 27 March 2026

Modified: 02 April 2026
KEV Added: not listed
Patch
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0044 (63.4th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30302 is a critical-severity OS Command Injection (CWE-78) vulnerability in CodeRider-Kilo (vendor coderider-kilo, product coderider). Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.6% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Windows Command Shell (T1059.003). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent · SI-10 (Information Input Validation)
Directly prevents OS command injection by enforcing validation of command inputs with platform-appropriate parsing, so that payloads exploiting a discrepancy between the parser and the execution environment are blocked.

prevent · SI-2 (Flaw Remediation)
Addresses the specific flaw (a Unix-based parser used on Windows) by requiring timely remediation, such as patching or replacing the incompatible shell-quote library.

prevent
Restricts command inputs to validated whitelists, mitigating bypass attempts by limiting untrusted inputs before they reach the parser in the auto-approval module.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.003 Windows Command Shell (Execution)
Adversaries may abuse the Windows command shell for execution.
Why these techniques?

The CVE enables remote exploitation of a public-facing application (T1190) for OS command injection via the Windows command shell (T1059.003), bypassing the whitelist to achieve arbitrary RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). Attackers can exploit this discrepancy between the parsing logic and the execution environment by constructing payloads such as `git log ^" & malicious_command ^"`. The CodeRider-Kilo parser is deceived by the escape characters, misinterpreting the malicious command connector (&) as being within a protected string argument and thus auto-approving the command. However, the underlying Windows CMD interpreter ignores the escaped quotes, parsing and executing the subsequent malicious command directly. This allows attackers to achieve arbitrary Remote Code Execution (RCE) after bypassing what appears to be a legitimate Git whitelist check.

Deeper analysis

CVE-2026-30302 is an OS Command Injection vulnerability (CWE-78) in the command auto-approval module of CodeRider-Kilo. The flaw occurs due to the incorrect use of a Unix-based shell-quote library to parse commands on the Windows platform, which fails to properly handle Windows CMD-specific escape sequences such as ^. This discrepancy renders the whitelist security mechanism ineffective, allowing malicious commands to bypass validation despite appearing as legitimate whitelisted operations like Git commands.

Remote attackers require no privileges or user interaction to exploit the vulnerability, as indicated by its CVSS 3.1 score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). By constructing payloads such as `git log ^" & malicious_command ^"`, attackers deceive the parser into treating the malicious connector (&) as part of a protected string argument, leading to auto-approval. The Windows CMD interpreter, however, ignores the escaped quotes and executes the injected command directly, enabling arbitrary remote code execution (RCE).
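The parser discrepancy described in the NVD description and the analysis above, as an added example (constructed here, not code from CodeRider-Kilo or the shell-quote library): one simplified tokenizer run in POSIX-like and CMD-like modes over the advisory's payload, beside a vulnerable and a hardened auto-approval check. The `git`-only allowlist, the `platform === 'win32'` switch and the operator set are assumptions for illustration.

```javascript
// Constructed example, not CodeRider-Kilo's or shell-quote's code. One
// tokenizer with two modes models the discrepancy in the advisory: POSIX-like
// ('^' is an ordinary character) versus CMD-like ('^' escapes the next one).
const OPERATORS = new Set(['&', '|', '<', '>']);   // unquoted => command chaining
const ALLOWED_PROGRAMS = new Set(['git']);         // simplified allowlist (assumed)

function tokenize(cmd, { caretEscapes }) {
  const tokens = [];
  let cur = '', inQuote = false, hasToken = false;
  const flush = () => { if (hasToken) tokens.push(cur); cur = ''; hasToken = false; };
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    if (caretEscapes && ch === '^' && !inQuote && i + 1 < cmd.length) {
      // CMD semantics: '^"' yields a literal quote and does NOT open a quoted
      // string, so the text after it stays unquoted and '&' is an operator.
      cur += cmd[++i]; hasToken = true;
    } else if (ch === '"') {
      inQuote = !inQuote; hasToken = true;   // POSIX-like: '"' always toggles
    } else if (!inQuote && /\s/.test(ch)) {
      flush();
    } else if (!inQuote && OPERATORS.has(ch)) {
      flush(); tokens.push({ op: ch });
    } else {
      cur += ch; hasToken = true;
    }
  }
  flush();
  return tokens;
}

// Approve only when the first word is allowlisted and no operator token exists.
function approveTokens(tokens) {
  if (tokens.length === 0 || typeof tokens[0] !== 'string') return false;
  if (tokens.some((t) => typeof t !== 'string')) return false; // chained command
  return ALLOWED_PROGRAMS.has(tokens[0]);
}

// Vulnerable model: Unix-style parsing on every platform (the reported flaw).
function autoApproveVulnerable(cmd) {
  return approveTokens(tokenize(cmd, { caretEscapes: false }));
}

// Hardened model: honour the caret escape when the command will run under CMD.
function autoApproveHardened(cmd, platform) {
  return approveTokens(tokenize(cmd, { caretEscapes: platform === 'win32' }));
}

// The payload quoted in the NVD description, embedded here as test input.
const PAYLOAD = 'git log ^" & malicious_command ^"';
```

The vulnerable check sees a single quoted argument and approves the payload; the hardened check, tokenizing with CMD semantics, sees an unquoted `&` and rejects it, while ordinary quoted arguments such as `git log "a & b"` still pass.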

Mitigation details are available in the advisory referenced at https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/3, published on 2026-03-27T16:16:23.210.

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products

Vendor: coderider-kilo
Product: coderider
Versions: ≤ 2.3.6

CVEs Like This One

CVE-2025-11953 (shared CWE-78)
CVE-2026-22781 (shared CWE-78)
CVE-2020-37032 (shared CWE-78)
CVE-2023-53941 (shared CWE-78)
CVE-2025-57516 (shared CWE-78)
CVE-2025-15559 (shared CWE-78)
CVE-2026-28391 (shared CWE-78)
CVE-2026-30303 (shared CWE-78)
CVE-2025-34335 (shared CWE-78)
CVE-2026-26832 (shared CWE-78)

References