Cyber Resilience

CVE-2026-30313

Critical · RCE

Published: 30 March 2026

Modified: 08 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: (none listed)
CVSS Score (v3.1): 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0115 (62.6th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-30313 is a critical-severity Code Injection (CWE-94) vulnerability in Cline (vendor: Cline). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 37.4% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30313 is a critical OS command injection vulnerability in DSAI-Cline's command auto-approval module. The flaw stems from the module's reliance on string-based parsing for whitelist validation, which blocks certain dangerous operators like ;, &&, ||, |, and command substitution patterns but fails to handle raw newline characters embedded in input. This allows attackers to insert a literal newline between a whitelisted command and malicious code, such as "git log" followed by a newline and the payload, causing the system to misparse it as safe and auto-approve execution. The underlying PowerShell interpreter interprets the newline as a command separator, executing both parts sequentially.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-94 (Improper Control of Generation of Code). It can be exploited remotely by unauthenticated attackers with low complexity and no user interaction, leading to full remote code execution on the affected system.

Further details, advisories, and potential patches are documented in the referenced repositories: https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9 and https://github.com/necboy/cline-DSAI. The vulnerability was published on 2026-03-30.
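To make the weakness described above concrete from a defender's side, here is an added TypeScript example (not code from Cline or DSAI-Cline; the function names, the allowlist and the operator list are assumptions for illustration). It places a string-based allowlist check of the kind the advisory describes, which screens for ;, &&, ||, | and substitution tokens but never looks at control characters, beside a hardened check that refuses any control character up front, compares the command as whitespace-separated tokens rather than as a substring, and returns a reason that can be logged for detection.

```typescript
// Added example, not DSAI-Cline's own code. All names below are assumptions.

// Commands the auto-approval module would let run without asking the user.
const ALLOWED_PREFIXES = ["git log", "git status", "ls"];

// Operators the naive check screens for. A newline is not among them, which
// is the gap CVE-2026-30313 describes.
const DANGEROUS_TOKENS = [";", "&&", "||", "|", "$(", "`"];

// ASCII control characters plus Unicode line separators: PowerShell (and
// POSIX shells) treat a line break as a statement separator.
const CONTROL_CHARS = /[\u0000-\u001f\u007f\u0085\u2028\u2029]/;

// Vulnerable pattern: prefix match on the raw string plus an operator blocklist.
// "git log" followed by a newline and another command passes both tests.
function naiveIsAutoApprovable(cmd: string): boolean {
  const trimmed = cmd.trim(); // trim() only strips the ends; an inner "\n" stays
  if (!ALLOWED_PREFIXES.some((p) => trimmed.startsWith(p))) return false;
  return !DANGEROUS_TOKENS.some((t) => trimmed.includes(t));
}

type Decision = { approved: boolean; reason: string };

// Hardened pattern: refuse control characters before anything else, keep the
// operator blocklist, then match the allowlist token by token so that
// "git logs" is not mistaken for "git log".
function decide(cmd: string): Decision {
  if (CONTROL_CHARS.test(cmd)) {
    return { approved: false, reason: "control-character" };
  }
  const trimmed = cmd.trim();
  if (DANGEROUS_TOKENS.some((t) => trimmed.includes(t))) {
    return { approved: false, reason: "shell-operator" };
  }
  const tokens = trimmed.split(/\s+/);
  const matched = ALLOWED_PREFIXES.some((p) => {
    const want = p.split(" ");
    return want.length <= tokens.length && want.every((w, i) => w === tokens[i]);
  });
  return matched
    ? { approved: true, reason: "allowlisted" }
    : { approved: false, reason: "not-allowlisted" };
}

function hardenedIsAutoApprovable(cmd: string): boolean {
  return decide(cmd).approved;
}

// Constructed sample inputs for a side-by-side comparison of both checks.
const SAMPLES = [
  "git log --oneline",          // legitimate, both should approve
  "git log; echo x",            // classic operator, both should refuse
  "git log\necho injected",     // newline separator, only the hardened check refuses
  "git logs",                   // prefix confusion, only the hardened check refuses
];

function compareChecks(): Array<{ cmd: string; naive: boolean; hardened: Decision }> {
  return SAMPLES.map((cmd) => ({ cmd, naive: naiveIsAutoApprovable(cmd), hardened: decide(cmd) }));
}

for (const row of compareChecks()) {
  console.log(JSON.stringify(row.cmd), "naive:", row.naive, "hardened:", row.hardened);
}
```

The reason string is the part worth keeping in a real implementation: logging every refusal with its cause (control character, operator, not on the allowlist) gives the operator a signal when an agent starts emitting commands that carry line breaks, which is what an attempt against this class of bug looks like.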

Vulnerability details

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., "git log", a newline, then malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.

CWE(s)

CWE-94 (Improper Control of Generation of Code)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.001 PowerShell (Execution): Adversaries may abuse PowerShell commands and scripts for execution.
Why these techniques?

The vulnerability enables remote exploitation of a public-facing application (T1190) via OS command injection in a PowerShell interpreter (T1059.001), leading to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-44211: same product (Cline Cline)
CVE-2026-41229: shared CWE-94
CVE-2026-44262: shared CWE-94
CVE-2026-40563: shared CWE-94
CVE-2024-32641: shared CWE-94
CVE-2025-71243: shared CWE-94
CVE-2026-2052: shared CWE-94
CVE-2026-9170: shared CWE-94
CVE-2025-54451: shared CWE-94
CVE-2025-50692: shared CWE-94

Affected Assets

Vendor: cline
Product: cline
Versions: ≤ 1.1.2

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation [prevent]: Directly mandates validating command inputs to the auto-approval module, preventing injection attacks exploiting unhandled newline characters.

SI-2 Flaw Remediation [prevent, recover]: Requires timely remediation of the specific command injection flaw through identification, patching, and verification of updates.

[prevent]: Enforces least privilege on the PowerShell process executing approved commands, limiting the scope and impact of injected malicious code.

References

https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/9
https://github.com/necboy/cline-DSAI