11 matches found
CVE-2025-58371
CVE-2025-58371 affects Roo Code (versions ≤ 3.26.6). A GitHub workflow used unsanitized pull request metadata in a privileged context, enabling an attacker to craft input that caused Remote Code Execution (RCE) on the Actions runner. The runner’s broad permissions and access to repository secrets...
CVE-2025-53098
Roo Code prior to version 3.20.3 stores the MCP configuration in .roo/mcp.json. The MCP config format allows executing arbitrary commands, enabling an attacker who can submit prompts (e.g., via prompt injection) and who has MCP enabled and auto-approve file writes turned on to inject a malicious ...
CVE-2025-53536
Roo Code (AI-powered autonomous coding agent) prior to version 3.22.6 is affected. If a victim had the Write auto-approved mode, an attacker who can submit prompts could write to VS Code settings files and trigger code execution. A concrete example is the php.validate.executablePath setting, wher...
CVE-2025-58372
Roo Code CVE-2025-58372 affects versions ≤3.25.23 where certain VS Code workspace files (.code-workspace) aren’t protected like the .vscode folder. If auto-approve for file writes is enabled and prompts are manipulated (e.g., via prompt injection), an attacker could write malicious workspace sett...
CVE-2025-65946
Roo Code (AI-powered coding agent) had a validation error before version 3.26.7 that could cause it to automatically execute commands not on the allowed prefixes list. The issue has been patched in version 3.26.7. Affected CVE-2025-65946 entries from multiple feeds confirm the vulnerability and p...
CVE-2025-53097
Roo Code extension (pre-3.20.3) allowed read access via the search_files tool outside the VS Code workspace, enabling potential data exposure if an attacker injects prompts. The attacker could exfiltrate data by writing to a JSON schema when the schema-fetch feature is enabled by default, trigger...
CVE-2025-58373
Roo Code (editor-integrated AI coding agent) versions 3.25.23 and earlier contain a symlink-based bypass of the .rooignore protections. An attacker with write access to the workspace could trick the extension into reading files that should be excluded (for example, .env or other configuration dat...
CVE-2025-58374
Summary (CVE-2025-58374): Roo Code versions 3.25.23 and earlier allow an auto-approved npm install that can execute a repository’s postinstall script, enabling arbitrary code execution. Root cause: npm install is in the default auto-approve list, so malicious postinstall scripts run without user ...
CVE-2025-54377
CVE-2025-54377 affects Roo Code. In versions 3.23.18 and earlier, Roo Code fails to validate line breaks in command input, allowing multi-line command injection by smuggling additional commands beyond the first line during evaluation. The issue stems from missing parsing/validation logic for inpu...
CVE-2025-58370
Roo Code (AI-powered coding agent) versions prior to 3.26.0 contain a vulnerability in the command parsing logic where Bash parameter expansion and indirect references are not handled correctly. If prompts allow auto-approval of commands, an attacker who can influence prompts could cause the agen...
CVE-2026-30307
Summary: CVE-2026-30307 affects Roo Code’s command auto-approval module. The vulnerability stems from parsing command structures with fragile regular expressions that do not account for Shell command substitution (e.g., $(...) and backticks). An attacker can craft a command like: git log --grep="...