Product: roocode roo code
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-30307 (affected: <= 3.46.1)
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security

CVE-2025-65946 (affected: < 3.26.7)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in valida

CVE-2025-58374 (affected: < 3.26.0)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list

CVE-2025-58373 (affected: < 3.26.0)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability

CVE-2025-58372 (affected: < 3.26.0)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability

CVE-2025-58371 (affected: < 3.26.7)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow us

CVE-2025-58370 (affected: < 3.26.0)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in t

CVE-2025-54377 (affected: < 3.23.19)
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not va

CVE-2025-53536 (affected: < 3.22.6)
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the

CVE-2025-53098 (affected: < 3.20.3)
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the

CVE-2025-53097 (affected: < 3.20.3)
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_