CVE-2026-30310 describes a vulnerability in the Sixth system's design for automatic terminal command execution. Sixth provides two execution modes: one that automatically runs commands deemed safe by an AI model, and another that requires user approval for commands considered potentially destructive. The vulnerability arises because the AI model can be tricked via prompt injection attacks, where an attacker wraps malicious commands in a generic template that causes the model to misclassify them as safe. This misclassification bypasses the user approval step, enabling arbitrary command execution without user consent. The root cause is the reliance on AI judgment without sufficient safeguards or validation mechanisms to detect crafted malicious inputs. This flaw allows attackers to execute arbitrary commands on the host system, potentially leading to unauthorized access, data manipulation, or system compromise. No specific affected versions or patches are currently documented, and no known exploits have been observed in the wild. The vulnerability highlights the risks of integrating AI models for security-critical decision-making without robust adversarial resistance. Organizations using Sixth's automatic command execution feature must be aware of this risk and implement compensating controls.

The impact of CVE-2026-30310 is significant for organizations relying on Sixth's automatic terminal command execution, especially in environments where commands are executed without manual oversight. Successful exploitation allows attackers to execute arbitrary commands on the target system, potentially leading to full system compromise, data theft, or disruption of services. Confidentiality is at risk as attackers can access sensitive data; integrity is compromised through unauthorized command execution altering system state; availability may be affected if destructive commands are executed. The ease of exploitation is moderate since it requires crafting prompt injections that deceive the AI model, but no user interaction is needed once the attack is launched. The scope includes any system using the vulnerable execution mode, potentially spanning development, production, and critical infrastructure environments. This vulnerability could be leveraged for lateral movement, privilege escalation, or persistent access within targeted networks, increasing its threat to organizational security.

To mitigate CVE-2026-30310, organizations should immediately disable or restrict the use of the 'Execute safe commands' automatic mode in Sixth until a secure patch or update is available. Implement strict input validation and sanitization to detect and block prompt injection patterns before commands reach the AI model. Employ multi-factor decision logic that combines AI judgment with rule-based or whitelist approaches to reduce reliance on model classification alone. Introduce logging and monitoring of all automated command executions to detect anomalous or unexpected behaviors. Conduct adversarial testing against the AI model to identify and harden against prompt injection vectors. Where possible, require explicit user approval for all commands, especially those with system-level impact. Maintain up-to-date backups and incident response plans to recover from potential compromises. Engage with the vendor for patches or updates addressing this vulnerability and apply them promptly once available.