CVE-2026-30352
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk45th percentile — higher than 45% of all known CVEs
Summary
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code by providing a crafted command parameter.
Risk Assessment
An attacker can remotely take over the server, execute arbitrary system commands, leading to full system compromise, data theft, or further attacks on the infrastructure.
Recommendation
Immediately update leonvanzyl autocoder to the latest version that fixes this vulnerability, or apply temporary mitigations such as input validation and sanitization of the command parameter.
Original NVD description (English source)
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.

