{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:51:46.528","vulnerabilities":[{"cve":{"id":"CVE-2026-30305","sourceIdentifier":"cve@mitre.org","published":"2026-03-30T20:16:21.087","lastModified":"2026-04-08T16:01:38.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep=\"$(malicious_command)\", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction."},{"lang":"es","value":"El módulo de autoaprobación de comandos de Syntx contiene una vulnerabilidad crítica de inyección de comandos del sistema operativo que hace que su mecanismo de seguridad de lista blanca sea completamente ineficaz. El sistema se basa en expresiones regulares frágiles para analizar estructuras de comandos; si bien intenta interceptar operaciones peligrosas, no tiene en cuenta la sintaxis estándar de sustitución de comandos de Shell (específicamente $(...) y acentos graves ...). Un atacante puede construir un comando como 'git log --grep=\"$(malicious_command)\"', lo que obliga a Syntx a identificarlo erróneamente como una operación git segura y aprobarlo automáticamente. La Shell subyacente prioriza la ejecución del código malicioso inyectado dentro de los argumentos, lo que resulta en ejecución remota de código sin ninguna interacción del usuario."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:orangecat:syntx:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5.0","matchCriteriaId":"C007E1E0-65F2-4954-BCEC-CD58C6C23CA6"}]}]}],"references":[{"url":"https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/5","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://syntx.dev/","source":"cve@mitre.org","tags":["Broken Link"]}]}}]}