Is this vulnerability remotely exploitable?

It can be, depending on how SakaDev is used. If an attacker can control any text the model reads—such as repository content, documentation, tickets, or direct chat input—they may influence the model to generate and auto-approve malicious commands without needing direct shell access.

What level of access does an attacker need to exploit this?

The attacker needs the ability to inject content into the model's context. This could be via a pull request, an issue, a file in the repository, or any other channel that SakaDev ingests. They do not necessarily need direct access to the underlying machine or shell.

What is the safest general fix pattern for this issue?

Do not rely on LLM judgment as the final gatekeeper for command execution. Restrict auto-execution to a narrowly defined, allowlisted set of non-destructive operations enforced by a host-side policy engine, and require explicit human confirmation for anything outside that set.

Severity:

CRITICAL RISK

(9.8)

Prompt-Injection-Driven Code Execution (CWE-94) in SakaDev Auto-Execute Terminal Feature

CVE-2026-30306

Published:

Mar 30, 2026

Status:

Undergoing Analysis

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-77;CWE-78

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in Totolink A7100RU setGameSpeedCfg CGI Handler

Remote Code Execution on the Router

April 6, 2026

CWE-77;CWE-78

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in Totolink A7100RU setFirewallType Handler

Remote Code Execution on Router Firmware

April 6, 2026

Vulnerability Type

Category:

Code Injection via Model-Guided Command Execution

CWE:

CWE-94

Impact:

Arbitrary Command Execution / Remote Code Execution

Severity:

CRITICAL RISK

(9.8)

CVSS Version:

3.1

Vulnerability Type

Category:

Code Injection via Model-Guided Command Execution

CWE:

CWE-94

Impact:

Arbitrary Command Execution / Remote Code Execution

Severity:

CRITICAL RISK

(9.8)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Prompt-Injection-Driven Code Execution (CWE-94) in SakaDev Auto-Execute Terminal Feature

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in Totolink A7100RU setGameSpeedCfg CGI Handler

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in Totolink A7100RU setFirewallType Handler

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare