Cloud CLI has Command Injection via Multiple Parameters
Description
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cloud CLI (Claude Code UI) prior to 1.24.0 allows authenticated attackers to execute arbitrary OS commands through Git API endpoints that unsafely interpolate user input into shell commands via execAsync().
Vulnerability Analysis
CVE-2026-31862 describes a command injection vulnerability in Cloud CLI (Claude Code UI) versions prior to 1.24.0. The root cause is the use of execAsync() with string interpolation of user-controlled parameters across multiple Git-related API endpoints: file paths, branch names, commit messages, and commit hashes are concatenated directly into a shell command string without adequate sanitization [2]. Because a string-based exec() hands the whole command to a shell for parsing, quoting alone cannot make it safe. The application does attempt to escape double quotes in some parameters, but that protection is trivially bypassed with other shell metacharacters: command substitution ($() or backticks), which the shell expands even inside double quotes, command chaining (;, &&, ||), or newlines [3].
Exploitation Scenario
An authenticated attacker can exploit this flaw by sending a crafted request to any of the affected endpoints, such as GET /api/git/diff, POST /api/git/commit, or GET /api/git/commits, with shell syntax in the file, branch, message, or commit parameter. For example, the vulnerable code in server/routes/git.js builds a git status --porcelain "${file}" call that interpolates the file parameter without proper escaping; a payload such as $(malicious_command) is expanded by the shell even though it sits inside the double quotes, so the attacker does not need to break out of the quoted string at all [3]. No additional authentication beyond a valid session is required, since the endpoints are part of the application's standard Git integration [1].
Impact
Successful exploitation results in remote code execution as the Node.js process user, potentially leading to full server compromise. An attacker could exfiltrate sensitive data, modify or delete files, or perform supply chain attacks by injecting malicious code into committed changes [3]. The vulnerability is rated with high severity, though a CVSS 4.0 vector has not yet been assigned by NVD [2].
Mitigation
The vulnerability is fixed in version 1.24.0, released on March 11, 2026 [4]; users should upgrade immediately. No vendor workaround has been published. Because the project is open source, operators can also patch the affected endpoints directly. The durable fix is to stop building shell command strings altogether and pass each user-controlled value as a separate argument to an API that does not invoke a shell (in Node.js, execFile() or spawn() with an argument array), inserting a "--" separator so a value can never be parsed as a git option, and to allow-list values such as branch names and commit hashes that have a well-defined format [1][3]. Until the upgrade is deployed, limiting who can reach the UI reduces exposure, since any valid session is enough to reach the vulnerable endpoints.
- [1] GitHub - siteboon/claudecodeui: Use Claude Code, Cursor CLI or Codex on mobile and web with CloudCLI (aka Claude Code UI). CloudCLI is a free open source webui/GUI that helps you manage your Claude Code session and projects remotely
- [2] NVD - CVE-2026-31862
- [3] Command Injection via GIT endpoint
- [4] Release CloudCLI UI v1.24.0 · siteboon/claudecodeui
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @siteboon/claudecodeui (npm) | < 1.24.0 | 1.24.0 |
Affected products
- Range: < 1.24.0
- siteboon/claudecodeui: Range < 1.24.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-f2fc-vc88-6w7q (GHSA: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-31862 (GHSA: ADVISORY)
- github.com/siteboon/claudecodeui/releases/tag/v1.24.0 (GHSA: x_refsource_MISC, WEB)
- github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q (GHSA: x_refsource_CONFIRM, WEB)