HAI Build Code Generator Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in HAI Build Code Generator versions through 3.13.3. The issue arises in the tool's automatic terminal command execution feature, which includes options to execute safe commands or all commands. Commands deemed safe by the model are executed automatically, while potentially destructive commands require user approval. However, this design is vulnerable to prompt injection attacks. An attacker can use a generic template to disguise malicious commands as safe, bypassing the approval process and allowing arbitrary command execution.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the host system.

Added: Mar 30, 2026, 9:36 PM

Updated: Mar 30, 2026, 9:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.2

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.2

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HAI Build Code Generator Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating