CVE-2025-65946

High CVSS: 8.1

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7.

Vendor

Roocode

Product

Roo Code

CWE

CWE-20

Yayın Tarihi

2025-11-21 23:15:45

Güncelleme

2025-12-04 16:02:39

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Roo Code HIGH Roocode 2025

Referanslar

https://github.com/RooCodeInc/Roo-Code/commit/b50104cc5987ce64f5154309d967ae8c74cfd1f3 https://github.com/RooCodeInc/Roo-Code/pull/7667 https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-hwm7-w97p-4h8p

Benzer Kayıtlar

Critical

CVE-2026-30307

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelis…

High

CVE-2025-58374

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a def…

High

CVE-2025-58370

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerab…

Critical

CVE-2025-58371

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github w…

High

CVE-2025-58372

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vul…

Medium

CVE-2025-58373

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vul…