{"data":{"id":"33bf8dd7-998d-43e7-9103-745754973a29","title":"CVE-2025-65946: Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error","summary":"Roo Code is an AI-powered coding agent that runs inside code editors. Before version 3.26.7, a validation error allowed Roo to automatically execute commands that were not on the allow list (the list of approved commands). The result is a command injection vulnerability (where attackers trick a system into running unintended commands).","solution":"Update to version 3.26.7 or later. According to the source, 'This issue has been patched in version 3.26.7.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-65946","publishedAt":"2025-11-21T23:15:45.170Z","cveId":"CVE-2025-65946","cweIds":["CWE-20","CWE-77","CWE-77"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Roo Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00168,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}