Cyber Posture

CVE-2026-30305

Critical

Published: 30 March 2026

Published
30 March 2026
Modified
08 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0049 65.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to…

more

account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates the command injection vulnerability by requiring robust validation of command inputs to detect and reject shell substitution syntax like $(...) and backticks.

SI-9 Information Input Restrictions partial match
prevent

Enforces restrictions on command inputs to block shell metacharacters and patterns that bypass the whitelist's fragile regex parsing.

CM-7 Least Functionality partial match
prevent

Limits system functionality to only essential commands, reducing the attack surface for injecting malicious code within approved operations like git log.

Security SummaryAI

CVE-2026-30305 is a critical OS command injection vulnerability in Syntx's command auto-approval module. The flaw renders the module's whitelist security mechanism ineffective due to fragile regular expressions used to parse command structures. These regex patterns fail to account for standard Shell command substitution syntax, such as $(...) and backticks, allowing attackers to bypass intended safeguards that aim to intercept dangerous operations.

The vulnerability enables remote attackers with no privileges or user interaction to achieve remote code execution. An attacker can craft a seemingly benign command, such as git log --grep="$(malicious_command)", which Syntx misidentifies as a safe git operation and automatically approves. The underlying Shell then prioritizes and executes the injected malicious code within the arguments. This is reflected in the CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-94 (Improper Control of Generation of Code).

For mitigation details, refer to advisories in the GitHub issue at https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5 and the vendor site at https://syntx.dev/. The vulnerability was published on 2026-03-30.

Details

CWE(s)
CWE-94

Affected Products

orangecat
syntx
≤ 2.5.0

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

CVE enables unauthenticated remote OS command injection via shell substitution bypass, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References