CVE-2026-30305
Published: 30 March 2026
Summary
CVE-2026-30305 is a critical-severity Code Injection (CWE-94) vulnerability in Orangecat Syntx. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 37.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2026-30305 is a critical OS command injection vulnerability in Syntx's command auto-approval module. The module's whitelist is defeated because it relies on fragile regular expressions to parse command structures; these patterns do not account for standard shell command substitution syntax, such as $(...) and backticks, so the safeguards meant to intercept dangerous operations can be bypassed.
The vulnerability lets a remote attacker with no privileges and no user interaction achieve remote code execution. An attacker can craft a seemingly benign command, such as git log --grep="$(malicious_command)", which Syntx misidentifies as a safe git operation and automatically approves. The underlying shell performs the command substitution before git runs, so the injected command inside the argument is executed. This is reflected in the CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); the weakness is classified as CWE-94 (Improper Control of Generation of Code).
For mitigation details, refer to the GitHub issue at https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5 and the vendor site at https://syntx.dev/. The vulnerability was published on 2026-03-30.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17186
Vulnerability details
Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard shell command substitution syntax (specifically $(...) and backticks). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.
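As an added illustration (not Syntx's code, which the advisory does not reproduce), the following JavaScript contrasts a prefix-only whitelist check of the kind described above with a hardened, deny-by-default check that rejects shell substitution and chaining syntax before auto-approving anything. The whitelist, metacharacter set and sample commands are constructed, and JavaScript is used on the assumption that Syntx is a TypeScript-based VS Code extension.

```javascript
// Added illustration, not Syntx's own code. A whitelist check that matches only
// the command prefix (the weakness the advisory describes) next to a hardened
// check that refuses to auto-approve any command carrying shell substitution or
// chaining syntax. Whitelist entries and sample commands are constructed.

// Constructed whitelist of command prefixes considered safe to auto-approve.
const ALLOWED_PREFIXES = ["git log", "git status", "git diff", "ls"];

function hasAllowedPrefix(command) {
  return ALLOWED_PREFIXES.some(
    (p) => command === p || command.startsWith(p + " ")
  );
}

// Fragile check: inspects only the leading words, so the arguments are never
// examined and `git log --grep="$(malicious_command)"` is approved.
function naiveAutoApprove(command) {
  return hasAllowedPrefix(command.trim());
}

// Syntax that lets an argument carry its own command or chain another one:
//   $( ... )  and  ` ... `   command substitution
//   ${ ... }                 parameter expansion (can nest a substitution)
//   ; & | < > and newline    separators, background, pipes, redirection
const SHELL_METACHARACTERS = /\$\(|`|\$\{|[;&|<>\n]/;

// Only tokens built from these characters are treated as inert arguments.
const INERT_TOKEN = /^[A-Za-z0-9._\/=@:+-]+$/;

// Hardened check: deny by default. Any metacharacter, unknown prefix, or
// token outside the inert set sends the command to a human for approval.
function hardenedAutoApprove(command) {
  const trimmed = command.trim();
  if (SHELL_METACHARACTERS.test(trimmed)) return false;
  if (!hasAllowedPrefix(trimmed)) return false;
  return trimmed.split(/\s+/).every((tok) => INERT_TOKEN.test(tok));
}

// Side-by-side verdicts over a list of commands.
function compare(commands) {
  return commands.map((c) => ({
    command: c,
    naive: naiveAutoApprove(c),
    hardened: hardenedAutoApprove(c),
  }));
}

// Constructed samples: the advisory's payload shape (both substitution forms),
// a legitimate git log invocation, and a piped command.
const SAMPLES = [
  'git log --grep="$(malicious_command)"',
  "git log --grep=`malicious_command`",
  "git log --oneline -n 5",
  "git status | tee status.txt",
];
console.table(compare(SAMPLES));
```

Rows where naive is true and hardened is false are exactly the commands the prefix-only check would have handed to the shell without review.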
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This CVE enables unauthenticated remote OS command injection through a shell-substitution bypass of the whitelist, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for command execution.
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the command injection vulnerability by requiring robust validation of command inputs to detect and reject shell substitution syntax such as $(...) and backticks.
- Enforces restrictions on command inputs to block shell metacharacters and patterns that bypass the whitelist's fragile regex parsing.
- Limits system functionality to only essential commands, reducing the attack surface for injecting malicious code within approved operations such as git log.