CNNVD-202509-709 Information

CNNVD ID

CNNVD-202509-709

CVE-2025-58371

  • CNNVD Published: 2025-09-05

Description

Roo Code is an AI-based autonomous coding agent from the company Roo Code. Roo Code 3.26.6 and earlier versions contain an operating system command injection vulnerability, which stems from a workflow that does not sanitize its input and could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Operating system command injection

Affected Vendor

Roo Code

Published

2025-09-05

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/commit/a0384f35d5ae3b7f66506cc62dda25d9bb673f49

https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-xr6r-vj48-29f6

https://access.redhat.com/security/cve/cve-2025-58371

Patch

https://github.com/RooCodeInc/Roo-Code/releases
