VYPR
Medium severity · 4.6 · NVD Advisory · Published May 18, 2026 · Updated May 18, 2026

CVE-2026-47090

Description

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can embed ESC+backslash sequences in the current working directory or branch URL to execute malicious ANSI codes including text color changes, forged prompts, and OSC 52 clipboard writes, or trigger outbound HTTP requests to attacker-controlled remotes when hyperlinks are clicked.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Claude HUD ≤0.0.12 fails to sanitize cwd/branchUrl in OSC 8 hyperlinks, allowing ANSI code injection and potential clipboard theft.

Vulnerability

Description

Claude HUD through version 0.0.12 constructs OSC 8 terminal hyperlink escape sequences from the raw cwd and branchUrl values without stripping control characters or encoding embedded values. Because an OSC sequence is closed by the String Terminator ESC \ (or BEL), a value that contains ESC \ ends the hyperlink early, and whatever follows is interpreted by the terminal as a fresh escape sequence. The vulnerability is fixed in commit 234d9aa, which strips control characters from the display text and validates the URI protocol before a hyperlink is created [1][2].

Exploitation

An attacker can embed escape sequences in the current working directory (e.g., a directory name) or the branch URL (e.g., a remote or repository name) that a victim then views through Claude HUD. The injected sequences take effect as soon as the HUD renders the status line, since the terminal processes them during output; the click on the rendered hyperlink is only needed for the outbound request to an attacker-controlled remote. No authentication is required, only that the victim's terminal display the string. The attack surface is any path by which an attacker-controlled string becomes the cwd or branchUrl (e.g., a cloned repository whose directory or remote is attacker-chosen, or a manipulated branch name) [3][4].

Impact

Successful exploitation lets the attacker emit arbitrary terminal escape sequences, including text colour changes, forged prompts that trick the user into typing into an attacker-shaped prompt, OSC 52 sequences that write the clipboard (and, on terminals that permit the read-back query, read it), and outbound HTTP requests to attacker-controlled remotes when the hyperlink is clicked. This can lead to credential theft, exfiltration of sensitive data, or further compromise of the victim's system [3][4].

Mitigation

The vulnerability is patched in commit 234d9aa of the claude-hud repository. Users should upgrade to the latest version (0.0.13 or higher) immediately; no workaround is documented. The fix sanitizes the display text and restricts hyperlink URIs to the https: and file: protocols [1][2]. Note that the scheme allowlist prevents the sequence from being broken out of or pointed at a non-web handler; it does not by itself stop a link from naming an attacker-controlled https: remote, so the control-character stripping is the part that neutralises the injected sequences.
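The flaw in the Description above and the fix in this Mitigation section, shown side by side as an added example. This is not Claude HUD's own code: the function names, the Node.js setting, and the attacker-controlled directory name are assumptions made here for illustration, and the https:/file: allowlist mirrors what the advisory says the patch enforces. The constructed directory name closes the OSC 8 string with ESC \ and follows it with an OSC 52 clipboard write; `oscNumbers` is a small check that lists which OSC sequences a rendered string would hand to the terminal.

```javascript
// Added example, not code from the Claude HUD project: an OSC 8 hyperlink
// builder in the unsafe shape the advisory describes, beside a hardened one
// that strips control characters and allowlists the URI scheme. Node.js.

const ESC = "\x1b";
const BEL = "\x07";
const ST = ESC + "\\"; // String Terminator (ESC \), ends an OSC sequence

// Vulnerable shape: URI and display text are spliced into the sequence raw.
function unsafeHyperlink(uri, text) {
  return `${ESC}]8;;${uri}${ST}${text}${ESC}]8;;${ST}`;
}

// Drop C0 controls (including ESC and BEL), DEL and C1 controls. Without an
// ESC or BEL a value cannot terminate the OSC 8 string early or start an
// OSC/CSI sequence of its own.
function stripControls(value) {
  return String(value).replace(/[\x00-\x1f\x7f-\x9f]/g, "");
}

// Schemes the advisory says the fix permits (https: and file:).
const ALLOWED_PROTOCOLS = new Set(["https:", "file:"]);

// Returns a normalised URI, or null if the value is not an acceptable target.
function safeUri(raw) {
  const cleaned = stripControls(raw);
  let url;
  try {
    url = new URL(cleaned);
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  return url.href; // WHATWG serialisation; no control bytes survive
}

// Hardened builder: when the URI is rejected it emits only control-stripped
// text, so the status line never carries an attacker-shaped sequence.
function safeHyperlink(uri, text) {
  const cleanText = stripControls(text);
  const target = safeUri(uri);
  if (target === null) return cleanText;
  return `${ESC}]8;;${target}${ST}${cleanText}${ESC}]8;;${ST}`;
}

// Check helper: list the OSC numbers a rendered string would hand to the
// terminal. A status-line hyperlink should produce [8, 8] and nothing else.
function oscNumbers(rendered) {
  return [...rendered.matchAll(/\x1b\](\d+);/g)].map((m) => Number(m[1]));
}

// Constructed attacker input (hypothetical): a directory name, legal on
// Linux which allows any byte except NUL and '/', that closes the hyperlink
// with ESC \ and then issues an OSC 52 clipboard write of base64("stolen").
const maliciousCwd = "/tmp/proj" + ST + ESC + "]52;c;c3RvbGVu" + BEL;

const unsafeOut = unsafeHyperlink("file://" + maliciousCwd, maliciousCwd);
const safeOut = safeHyperlink("file://" + maliciousCwd, maliciousCwd);

console.log("unsafe OSC numbers:", oscNumbers(unsafeOut)); // [ 8, 52, 52, 8 ]
console.log("safe   OSC numbers:", oscNumbers(safeOut)); // [ 8, 8 ]
console.log("javascript: allowed?", safeUri("javascript:alert(1)") !== null); // false
```

The unsafe builder leaks the injected OSC 52 twice, once from the URI and once from the display text, which is why both positions need sanitising; stripping the C0/C1 ranges is what removes the ESC and BEL bytes that every escape sequence depends on, and the scheme check runs on the already-stripped value so a control byte cannot be used to smuggle a scheme past the URL parser.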

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches (0)

No patches discovered yet (the description names commit 234d9aa as the fix, but no patch link is indexed here).

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (4)

News mentions (0)

No linked articles in our index yet.