Skip to main content

Cloud Cli

3 CVEs product

Monthly

CVE-2026-31975 npm CRITICAL PATCH Act Now

OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.

Command Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-31862 npm CRITICAL PATCH Act Now

Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.

Command Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-31861 npm HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.

Command Injection Cloud Cli
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.

Command Injection Cloud Cli
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy