CVE Catalog

CVE-2026-30352

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.62%

45th percentile — higher than 45% of all known CVEs

Summary

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code by providing a crafted command parameter.

Risk Assessment

An attacker can remotely take over the server, execute arbitrary system commands, leading to full system compromise, data theft, or further attacks on the infrastructure.

Recommendation

Immediately update leonvanzyl autocoder to the latest version that fixes this vulnerability, or apply temporary mitigations such as input validation and sanitization of the command parameter.

Original NVD description (English source)

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS