CVE-2025-58370: Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerab
Summary
Roo Code is an AI tool that automatically writes code in your editor, but versions before 3.26.0 have a security flaw in how it parses commands (reads and interprets instructions). If someone configures the tool to automatically run commands without checking them first, an attacker could trick it into running extra harmful commands by manipulating the input the AI receives.
Solution / Mitigation
Update to version 3.26.0 or later.
Vulnerability Details
8.1(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-58370
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%