Roocode Roo_code
11 CVEs affecting Roocode Roo_code. Latest disclosed: 2026-03-30. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-30307 | Critical | 9.8 | 2026-03-30 | Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffec… |
| CVE-2025-58371 | Critical | 9.8 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request m… |
| CVE-2025-65946 | High | 8.1 | 2025-11-21 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation it was possible for Roo… |
| CVE-2025-58372 | High | 8.1 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code worksp… |
| CVE-2025-58370 | High | 8.1 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic wher… |
| CVE-2025-53536 | High | 8.1 | 2025-07-07 | Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to… |
| CVE-2025-53098 | High | 8.1 | 2025-06-27 | Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within t… |
| CVE-2025-58374 | High | 7.8 | 2025-09-06 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do n… |
| CVE-2025-54377 | High | 7.8 | 2025-07-23 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in it… |
| CVE-2025-53097 | Medium | 5.9 | 2025-06-27 | Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect t… |
| CVE-2025-58373 | Medium | 5.5 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections… |