Cloud Cli

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-31862 CRITICAL PATCH Act Now

Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.

Command Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-31861 HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31862
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.

Command Injection Cloud Cli
NVD GitHub VulDB
CVE-2026-31861
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy