216.73.217.64

CVE-2025-65946

· Published 21/11/2025 23:15 · Modified 04/12/2025 16:02

Labels: CVE-2025-65946 2025-11-21CVE-2025-65946CWE-20CWE-77[email protected]

Essential information

Published
21/11/2025 23:15
Modified
04/12/2025 16:02
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
roocode / roo code cpe:2.3:a:roocode:roo_code:*:*:*:*:*:*:*:*

References