CVE-2026-30309
Published: 31 March 2026
Summary
CVE-2026-30309 is a high-severity OS Command Injection (CWE-78) vulnerability in Tokfinity InfCode. Its CVSS base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter: PowerShell (T1059.001). The CVE is ranked at the 13.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-30309 is a command-filtering flaw (CWE-78; CVSS 7.8 High, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) in the terminal auto-execution module of the InfCode IDE. The module decides which shell commands the Agent may run without asking the user by matching them against a predefined blacklist. That blacklist omits native high-risk Windows PowerShell commands, including "powershell" itself, and the matcher works on literal text with no semantic parsing of the command line, so obfuscations that PowerShell resolves only at run time (string concatenation, assigning the command name to a variable and invoking it, or double-quote string interpolation) are not recognised. The security mechanism is therefore ineffective against simple syntax obfuscation.
The attack is local and needs user interaction (AV:L, UI:R): an attacker places obfuscated command instructions in a file, and when a user imports and views that file in the InfCode IDE, the Agent runs the resulting PowerShell commands, which fall outside the blacklist, without any user confirmation. Successful exploitation gives arbitrary command execution in the user's context or leakage of sensitive data.
References for this CVE include a GitHub issue in the Secsys-FDU/LLM-Tool-Calling-CVEs repository and the official InfCode website at tokfinity.com/infcode. The available information provides no patch details or vendor mitigation steps.
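The bypass classes described above, as an added illustration that is not InfCode's code (the actual filter implementation is not in the referenced material): a naive first-token blacklist of the kind the advisory describes, constructed PowerShell command lines using each of the three named obfuscations plus the uncovered native "powershell" launcher, and a default-deny alternative that auto-runs only literal allow-listed commands and sends everything else to user confirmation. The blacklist contents, the allowed verbs and all sample command lines are constructed assumptions for the example.

```python
import re

# Naive "dangerous command" blacklist of the kind the advisory describes: a
# fixed set of command names, checked against the first token of each
# statement. Constructed for this example; it is not InfCode's list. Note
# that "powershell" itself is absent, mirroring the gap described above.
BLACKLIST = {
    "remove-item", "rm", "del", "format-volume", "invoke-expression", "iex",
    "start-process", "set-executionpolicy",
}


def naive_blacklist_allows(cmd: str) -> bool:
    """Return True if the naive filter would auto-execute cmd.

    The filter only compares the lower-cased first whitespace-separated
    token of each ';'-separated statement against BLACKLIST. It never
    evaluates what PowerShell would actually invoke.
    """
    for stmt in cmd.split(";"):
        tokens = stmt.strip().split()
        if tokens and tokens[0].lower() in BLACKLIST:
            return False
    return True


# Default-deny alternative: a strict literal grammar for commands that may run
# without confirmation. An allow-listed verb (constructed list) followed only
# by plain path-like arguments that do not start with '-'. Quotes, variables,
# the call operator '&', pipes, ';', sub-expressions and '+' cannot match, so
# every obfuscated form falls through to confirmation without the filter
# having to recognise it. The verb list itself still needs review in a real
# deployment (option-style arguments are excluded here for that reason).
ALLOWED_VERBS = ("git", "ls", "dir", "type", "cat", "pytest", "npm", "dotnet")
LITERAL_COMMAND = re.compile(
    r"^(?:%s)(?:\s+[\w./:\\][\w./:\\-]*)*$"
    % "|".join(map(re.escape, ALLOWED_VERBS))
)


def hardened_decision(cmd: str) -> str:
    """'auto_run' only for a literal allow-listed command line; otherwise
    'require_confirmation' so the user sees the exact text before it runs."""
    if LITERAL_COMMAND.fullmatch(cmd.strip()):
        return "auto_run"
    return "require_confirmation"


# Constructed samples: the unobfuscated form the blacklist does catch, then
# the uncovered native launcher and the three obfuscation classes named in
# the advisory. None of these is a real exploit string from the report.
SAMPLES = {
    "plain_dangerous":      "Invoke-Expression (Get-Content .\\p.txt)",
    "uncovered_native":     "powershell -NoProfile -Command Get-ChildItem ~",
    "string_concat":        '& ("Invoke-Ex" + "pression") (Get-Content .\\p.txt)',
    "variable_assignment":  '$c = "iex"; & $c (Get-Content .\\p.txt)',
    "dquote_interpolation": '$v = "Expression"; & "Invoke-$v" (Get-Content .\\p.txt)',
}


def compare() -> dict:
    """For each sample: (naive filter lets it auto-run?, hardened decision)."""
    return {name: (naive_blacklist_allows(c), hardened_decision(c))
            for name, c in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive_ok, hardened) in compare().items():
        print(f"{name:22s} naive_allows={str(naive_ok):5s} hardened={hardened}")
```

The point is not the particular regex but the inversion of the policy: the filter never has to enumerate every PowerShell spelling of Invoke-Expression, because anything it cannot positively classify as a safe literal command is shown to the user before it runs. A production implementation on Windows would go further and hand the text to PowerShell's own parser (System.Management.Automation.Language.Parser) and inspect the resulting AST for call operators, variable references and expandable strings, which is the semantic parsing the advisory says the current matcher lacks.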
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17421
Vulnerability details
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing, so it is unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI-generated mapping)
- T1059.001 Command and Scripting Interpreter: PowerShell
Why these techniques?
The vulnerability directly bypasses PowerShell command filtering via syntax obfuscation (string concatenation, variable assignment, double-quote interpolation), enabling automatic execution of attacker-supplied commands when a malicious file is opened or viewed in the IDE.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5, AI-generated mapping)
- SI-10 (Information Input Validation): directly requires validating command inputs from imported files to prevent execution of obfuscated PowerShell commands that bypass the ineffective blacklist.
- CM-7 (Least Functionality): limits the terminal auto-execution module to least functionality, restricting or disabling unconfirmed command execution features that are vulnerable to filtering bypasses.
- AC-6 (Least Privilege): enforces least privilege on the InfCode Agent process, reducing the impact of arbitrary PowerShell command execution triggered by file viewing.