Cyber Resilience

CVE-2026-30311

CriticalRCE

Published: 31 March 2026

Published
31 March 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0166 73.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-30311 is a critical-severity OS Command Injection (CWE-78) vulnerability in Ridvay Auto-Approval Module. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30311 is a critical OS command injection vulnerability (CWE-78) in Ridvay Code's command auto-approval module, published on 2026-03-31 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The module employs fragile regular expressions to enforce a whitelist security mechanism by parsing command structures and intercepting dangerous operations. However, it fails to account for standard shell command substitutions, such as $(...) and backticks, rendering the whitelist completely ineffective.

The vulnerability enables remote attackers with no privileges or user interaction to achieve remote code execution. Exploitation involves constructing a malicious command, such as git log --grep="$(malicious_command)", which the system misidentifies as a safe git operation and automatically approves. The underlying shell then prioritizes execution of the injected malicious code within the arguments.

Advisories and further details, including potential patches or mitigations, are referenced at https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/8 and https://ridvay.com/.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails…

more

to account for standard Shell command substitution Ridvay Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

CVE enables unauthenticated remote code execution through OS command injection exploiting shell substitutions in a public-facing module's whitelist, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30314Same product: Ridvay Auto-Approval Module
CVE-2018-25115Shared CWE-78
CVE-2025-24382Shared CWE-78
CVE-2026-29058Shared CWE-78
CVE-2024-57016Shared CWE-78
CVE-2024-46484Shared CWE-78
CVE-2015-10145Shared CWE-78
CVE-2020-37002Shared CWE-78
CVE-2026-27848Shared CWE-78
CVE-2025-0356Shared CWE-78

Affected Assets

ridvay
auto-approval module
≤ 0.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements input validation at command entry points to reject or sanitize shell substitutions like $(...) and backticks, directly preventing the OS command injection vulnerability.

prevent

Mandates timely flaw remediation to patch the fragile regex whitelist in the command auto-approval module, eliminating the specific bypass enabling RCE.

prevent

Enforces least privilege on the command execution process, limiting the scope and impact of RCE even if injection occurs.

References