Skip to main content

Claude HUD EUVDEUVD-2026-30800

| CVE-2026-47091 MEDIUM
Path Traversal (CWE-22)
2026-05-18 VulnCheck GHSA-4524-x6pc-rr9x
4.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Source Code Evidence Fetched
May 18, 2026 - 20:32 vuln.today
Analysis Generated
May 18, 2026 - 20:32 vuln.today
Severity Changed
May 18, 2026 - 20:22 NVD
LOW MEDIUM
CVSS changed
May 18, 2026 - 20:22 NVD
3.3 (LOW) 4.8 (MEDIUM)

DescriptionCVE.org

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a persistent cache file with insufficient permissions, creating a forensic record of accessed paths that survives process exit.

AnalysisAI

Path traversal in Claude HUD through version 0.0.12 permits local low-privileged attackers to read arbitrary files by supplying a crafted transcript_path value via stdin JSON, bypassing all path validation. Beyond direct file read access, the application writes file metadata - including the accessed paths - to a persistent cache file with insufficiently restrictive permissions, leaving a forensic record readable by other local users that survives process termination. No public exploit code has been identified at time of analysis; CVSS 4.0 scores this 4.8 (Medium) reflecting local-only reach, and a vendor patch is available at commit 234d9aa.

Technical ContextAI

Claude HUD (CPE: cpe:2.3:a:jarrodwatts:claude-hud:*:*:*:*:*:*:*:*) is a Node.js terminal overlay tool for Claude Code sessions that accepts structured JSON over stdin, including a transcript_path field pointing to a Claude conversation transcript. Prior to commit 234d9aa, this path was passed directly to file-reading functions in src/transcript.ts without canonicalization or directory-boundary enforcement - a textbook CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) root cause. The PR diff confirms the fix introduces canonicalizeTranscriptPath() using fs.realpathSync() to resolve symlinks and normalize traversal sequences, and resolvePathWithinCwd() which checks that the resolved absolute path does not escape the working directory via path.relative() prefix inspection. A secondary weakness was that writeTranscriptCache() called fs.writeFileSync() without an explicit mode, leaving cache file permissions subject to the process umask and potentially world-readable; the fix enforces { mode: 0o600 }. The same PR also adds sanitization of control and Unicode BiDi characters in display output and tightens hyperlink URI allowlists to https: and file: protocols.

RemediationAI

Apply the upstream patch from commit 234d9aad919b51326a43bcf90b45ae35c23afc30 (https://github.com/jarrodwatts/claude-hud/commit/234d9aad919b51326a43bcf90b45ae35c23afc30), which resolves the path traversal by introducing fs.realpathSync() canonicalization and cwd-boundary enforcement before processing any transcript_path value, and hardens cache file creation to use mode: 0o600. Users should build from the patched commit directly, as a tagged stable release incorporating this fix has not been independently confirmed; monitor https://github.com/jarrodwatts/claude-hud/releases for a versioned release. As an immediate compensating control where patching is not feasible, restrict which users can invoke Claude HUD or write to its stdin - since exploitation requires local access and stdin control, tightening process invocation permissions meaningfully reduces the attack surface, at the trade-off of limiting who can use the tool. Additionally, audit and restrict permissions on existing Claude HUD cache directories to prevent secondary path-metadata disclosure from pre-patch cache files already on disk. Full patch details are in PR https://github.com/jarrodwatts/claude-hud/pull/487.

Share

EUVD-2026-30800 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy