Cyber Resilience

CVE-2026-30309

Severity: High
Published: 31 March 2026
Modified: 14 April 2026
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (13.9th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30309 is a high-severity OS Command Injection (CWE-78) vulnerability in Tokfinity Infcode. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique PowerShell (T1059.001). The CVE is ranked at the 13.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-30309 is a critical command filtering vulnerability (CWE-78, CVSS score 7.8; AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) affecting InfCode's terminal auto-execution module. The predefined blacklist fails to cover native high-risk commands in Windows PowerShell, such as "powershell", and the matching algorithm lacks dynamic semantic parsing, so it cannot detect obfuscations such as string concatenation, variable assignment, or double-quote interpolation in shell syntax. This renders the security mechanism completely ineffective against simple syntax obfuscation.

A local attacker can exploit this vulnerability by constructing a malicious file containing obfuscated instructions for remote code injection. When a user imports and views the file in the InfCode IDE, the Agent automatically executes the dangerous PowerShell commands outside the blacklist without user confirmation. Successful exploitation enables arbitrary command execution or sensitive data leakage.
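To make the distinction in the analysis above concrete, the following added Python example (not InfCode's code; the blacklist, allowlist and sample command lines are constructed for illustration) contrasts a static token blacklist with a deny-by-default policy that only auto-runs allowlisted executables invoked with literal arguments and routes everything else, including any command line that uses variables, quoting, concatenation or chaining, to the user for explicit confirmation.

```python
import re

# Constructed static blacklist, modelled on the kind of list the advisory
# describes: it names a few high-risk tokens but not the PowerShell host itself.
BLACKLIST = {"del", "rm", "format", "invoke-expression", "iex"}


def blacklist_permits(command: str) -> bool:
    """The weak policy: auto-run unless a whole token is on the blacklist."""
    return not any(tok.lower() in BLACKLIST for tok in command.split())


# Hardened policy: deny by default. Only a fixed allowlist of executables may
# run without confirmation, and only when the command line contains no syntax
# whose meaning is decided at run time (variables, quotes, concatenation,
# sub-expressions, pipes, separators). Everything else needs user approval.
AUTO_RUN_ALLOWLIST = {"git", "npm", "pytest", "get-childitem"}  # constructed
RUNTIME_SYNTAX = re.compile("[$`\"'+;|&(){}<>]")


def auto_run_permitted(command: str) -> bool:
    """Return True only for a plain, allowlisted executable with literal args."""
    if RUNTIME_SYNTAX.search(command):
        return False  # obfuscation-capable syntax: always ask the user
    tokens = command.split()
    if not tokens:
        return False
    exe = tokens[0].lower()
    # Judge "C:\tools\git.exe" as "git": strip any path and a .exe suffix.
    exe = exe.rsplit("\\", 1)[-1].rsplit("/", 1)[-1].removesuffix(".exe")
    return exe in AUTO_RUN_ALLOWLIST


def compare(command: str) -> dict:
    """Decision of both policies for one command line."""
    return {"blacklist_permits": blacklist_permits(command),
            "auto_run_permitted": auto_run_permitted(command)}


if __name__ == "__main__":
    samples = [                                  # constructed command lines
        "git status",                            # literal allowlisted tool
        "powershell -NoProfile -Command Get-Date",  # host binary not blacklisted
        '$c = "Get-ChildItem"; & $c',            # variable assignment + chaining
        "del notes.txt",                         # literal blacklisted token
    ]
    for s in samples:
        print(f"{s!r:45} -> {compare(s)}")
```

The blacklist waves through the second and third lines because neither contains a listed token; the deny-by-default policy auto-runs only the first.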

References for this CVE include a GitHub issue in the Secsys-FDU/LLM-Tool-Calling-CVEs repository and the official InfCode website at tokfinity.com/infcode. No specific details on patches or mitigation steps are provided in the available information.

Vulnerability details

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing, so it is unable to recognize string concatenation, variable assignment, or double-quote interpolation in shell syntax. Malicious commands can therefore bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059.001 PowerShell (Execution): Adversaries may abuse PowerShell commands and scripts for execution.
T1027.010 Command Obfuscation (Stealth): Adversaries may obfuscate content during command execution to impede detection.
T1204.002 Malicious File (Execution): An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

The vulnerability directly bypasses PowerShell command filtering via syntax obfuscation (concatenation and variable interpolation), enabling automatic execution of attacker-supplied commands when a malicious file is opened or viewed in the IDE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

Vendor: tokfinity
Product: infcode
Versions: ≤ 1.3.1

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly requires validating command inputs from imported files to prevent execution of obfuscated PowerShell commands that bypass the ineffective blacklist.

Least functionality (prevent)
Limits the terminal auto-execution module to least functionality, restricting or disabling unconfirmed command execution features vulnerable to filtering bypasses.

AC-6 Least Privilege (prevent)
Enforces least privilege on the InfCode Agent process, reducing the impact of arbitrary PowerShell command execution triggered by file viewing.
