CNNVD-202509-710 Information

CNNVD ID

CNNVD-202509-710

Related CVE

CVE-2025-58370

• CNNVD Published: 2025-09-05

Description (Chinese)

Roo Code是Roo Code公司的一款基于AI的自主编码代理。 Roo Code 3.26.0之前版本存在操作系统命令注入漏洞，该漏洞源于命令解析逻辑错误，可能导致执行任意命令。

Description (English)

Roo Code is an AI-based autonomous coding agent for Roo Code. There was a loophole in the operating system order in the pre-Roo Code 3.26.0, which resulted from a logical error in the order resolution, which could lead to the execution of an arbitrary order.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Roo Code

Published

2025-09-05

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-2rm5-cvcm-7592 https://access.redhat.com/security/cve/cve-2025-58370

Patch

https://github.com/RooCodeInc/Roo-Code/releases