Roocode Roo_code

11 CVEs affecting Roocode Roo_code. Latest disclosed: 2026-03-30. Critical: 2, High: 7.

Top CVEs affecting Roocode Roo_code
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-30307 | Critical | 9.8 | 2026-03-30 | Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffec… |
| CVE-2025-58371 | Critical | 9.8 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request m… |
| CVE-2025-65946 | High | 8.1 | 2025-11-21 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation it was possible for Roo… |
| CVE-2025-58372 | High | 8.1 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code worksp… |
| CVE-2025-58370 | High | 8.1 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic wher… |
| CVE-2025-53536 | High | 8.1 | 2025-07-07 | Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to… |
| CVE-2025-53098 | High | 8.1 | 2025-06-27 | Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within t… |
| CVE-2025-58374 | High | 7.8 | 2025-09-06 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do n… |
| CVE-2025-54377 | High | 7.8 | 2025-07-23 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in it… |
| CVE-2025-53097 | Medium | 5.9 | 2025-06-27 | Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect t… |
| CVE-2025-58373 | Medium | 5.5 | 2025-09-05 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections… |