Every CVE whose affected-product data names Roocode Roo Code, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-30307 — CVSS 9.8 (critical): Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security…
CVE-2025-58371 — CVSS 9.8 (critical): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used…
CVE-2025-53098 — CVSS 8.1 (high): Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the…
CVE-2025-58370 — CVSS 8.1 (high): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the…
CVE-2025-58372 — CVSS 8.1 (high): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where…
CVE-2025-65946 — CVSS 8.1 (high): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it…
CVE-2025-53536 — CVSS 8.1 (high): Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability…
CVE-2025-54377 — CVSS 7.8 (high): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate…
CVE-2025-58374 — CVSS 7.8 (high): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of…
CVE-2025-53097 — CVSS 5.9 (medium): Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files`…
CVE-2025-58373 — CVSS 5.5 (medium): Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where…