Home / Vulnerability Intelligence / CVE-2026-30303

CVE-2026-30303 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 30, 2026

Axon Code - OS Command Injection

Published: March 27, 2026Updated: March 30, 2026Remote Exploitable

Overview

Axon Code contains an OS command injection caused by improper command parsing on Windows in the auto-approval module, letting attackers execute arbitrary commands remotely, exploit requires crafted command input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 34.8%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary commands remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version with fixed command parsing or apply patches addressing Windows CMD escape sequence handling.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 27, 2026

🔴 CVE-2026-30303 - Critical (9.8) The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30303/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30303
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: unconfirmed
EPSS: 34.8%
Social Posts: 1

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

34.8%Probability of exploitation in the next 30 days