CVE-2026-31862

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0	Release Notes
https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudcli:cloud_cli:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-11 18:16

Updated : 2026-03-17 19:04

NVD link : CVE-2026-31862

Mitre link : CVE-2026-31862

CVE.ORG link : CVE-2026-31862

JSON object : View

Products Affected

cloudcli

cloud_cli

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2026-31862", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-11T18:16:25.073", "references": [{"url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0."}, {"lang": "es", "value": "Cloud CLI (tambi\u00e9n conocida como Claude Code UI) es una interfaz de usuario (UI) de escritorio y m\u00f3vil para Claude Code, Cursor CLI, Codex y Gemini-CLI. Antes de la versi\u00f3n 1.24.0, m\u00faltiples puntos finales de API relacionados con Git utilizan execAsync() con interpolaci\u00f3n de cadenas de par\u00e1metros controlados por el usuario (file, branch, message, commit), lo que permite a atacantes autenticados ejecutar comandos arbitrarios del sistema operativo. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.24.0."}], "lastModified": "2026-03-17T19:04:29.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudcli:cloud_cli:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D084438-4C97-467F-8517-14FE6949B298", "versionEndExcluding": "1.24.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}