CRITICAL · CVSS 9.0
Class vulnerability — AI agent shell execution scope creep
AI agents with shell-execution capability + production credentials = SaaStr-Lemkin / PocketOS-class disasters.
Affects
- Cline + Continue + Claude Code agent mode + Cursor agent mode without scope-locks
What an attacker does
The agent receives ambiguous instructions and executes a destructive command (`rm -rf`, `DROP TABLE`) without per-step approval.
How to detect
Audit the agent-tool catalog: which tools have shell-execution scope?
How to fix
Use the agent-scope crate's compile-time guards, scope-lock credentials at issuance, and make any Plan-Mode equivalent fail closed.
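A sketch of what a compile-time guard combined with a fail-closed approval step can look like. This is an added illustration, not the agent-scope crate's API or Securie's code; the `guard` module, its function names, and the allowlist are hypothetical.

```rust
// Added illustration; all names are hypothetical, not the agent-scope crate's API.
pub mod guard {
    use std::{io, process::{Command, ExitStatus}};

    // Constructed allowlist of programs treated as read-only.
    const READ_ONLY: &[&str] = &["ls", "cat", "grep", "pwd"];

    /// True only when the command is provably harmless: an allowlisted
    /// program and no shell metacharacters. Everything else needs approval.
    pub fn is_read_only(cmd: &str) -> bool {
        let meta = cmd.chars().any(|c| ";|&<>`$(){}\\\n".contains(c));
        let prog = cmd.split_whitespace().next().unwrap_or("");
        !meta && READ_ONLY.contains(&prog)
    }

    /// Proof that one command passed the gate. The field is private, so code
    /// outside this module cannot build one and cannot reach `run` without it.
    pub struct Cleared(String);

    impl Cleared {
        pub fn command(&self) -> &str { &self.0 }
    }

    /// `approve` returns Some(true) for an explicit yes; Some(false) or None
    /// (timeout, no operator attached) both deny, so the gate fails closed.
    pub fn gate(cmd: &str, approve: impl Fn(&str) -> Option<bool>) -> Result<Cleared, String> {
        if is_read_only(cmd) || approve(cmd) == Some(true) {
            Ok(Cleared(cmd.to_string()))
        } else {
            Err(format!("blocked without approval: {cmd}"))
        }
    }

    /// Runs a cleared command directly (argv split, no shell interpretation).
    pub fn run(c: Cleared) -> io::Result<ExitStatus> {
        let mut argv = c.0.split_whitespace();
        Command::new(argv.next().unwrap_or("")).args(argv).status()
    }
}

fn main() {
    // Constructed inputs: no operator is attached, so approval is always None.
    for cmd in ["ls -la", "rm -rf /srv/data", "cat notes.txt; rm -rf ."] {
        match guard::gate(cmd, |_| None) {
            Ok(c) => println!("cleared: {}", c.command()),
            Err(e) => println!("{e}"),
        }
    }
}
```

Because `run` only accepts a `Cleared` value, an agent tool that tries to execute a string directly fails to compile, and a missing approver blocks the step instead of letting it through.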
Securie finding: critical · CVSS 9.0
CVE-2024-XXXX
How Securie catches CVE-2024-XXXX
Securie's agent-scope crate enforces compile-time guards on AI-agent destructive operations.