CVE-2026-30304: In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute al
highvulnerabilityLLM-Specific
security
Summary
AI Code has a feature that automatically runs terminal commands (direct instructions to a computer's operating system) if it thinks they're safe, but an attacker can use prompt injection (tricking an AI by hiding instructions in its input) to disguise malicious commands as safe ones, causing them to execute without user approval.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
March 27, 2026
Classification
Attack Type
Prompt Injection
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Taxonomy References
MITRE ATLAS (AI/ML Threat Technique)
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-30304
First tracked: March 27, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 85%