AI Code Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in AI Code versions through 3.12.4. The issue arises in the tool's command execution design, which includes options to execute safe commands automatically or to require user approval for potentially destructive commands. This design is vulnerable to prompt injection attacks, where an attacker can manipulate the model into misclassifying malicious commands as safe, thereby bypassing user approval and allowing arbitrary command execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Added: Mar 27, 2026, 3:54 PM

Updated: Mar 27, 2026, 3:54 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AI Code Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating