CVE-2026-47091
Description
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a persistent cache file with insufficient permissions, creating a forensic record of accessed paths that survives process exit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Claude HUD ≤0.0.12 has a path traversal vulnerability via unvalidated transcript_path, allowing arbitrary file read and metadata logging.
Vulnerability
Details
Claude HUD up to version 0.0.12 contains a path traversal vulnerability in its handling of the transcript_path parameter received via stdin JSON. The application fails to validate or sanitize the provided path, allowing an attacker to supply arbitrary file paths (e.g., using ../ sequences) [4]. The root cause is the lack of an allowlist or boundary check on the file path before file system operations.
Exploitation
An attacker can exploit this by sending a crafted JSON input containing a transcript_path that points to any file readable by the process. No authentication is required beyond the ability to provide stdin input to the Claude HUD process [3]. For example, supplying /etc/passwd as the path would allow reading that system file.
Impact
Successful exploitation allows an attacker to read arbitrary files on the system. Additionally, the file metadata (path, size, modification time) is written to a persistent cache file with insufficient permissions, creating a forensic record of accessed paths that survives process exit [4]. This could expose sensitive information and leave traces of the attack.
Mitigation
The vulnerability is patched in commit 234d9aa, which adds input validation and path resolution checks to ensure only files within the expected directory are accessible [2]. Users should update to a version containing this fix. No workarounds are available for unpatched versions [1].
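One way to implement the kind of check the fix describes (validate the stdin value, resolve it, and accept it only inside the expected directory), as an added example that is not the project's own code; the transcript root directory, the function names and the JSON shape are assumptions:

```typescript
import * as fs from "fs";
import * as path from "path";

// Directory under which transcript files are expected to live. This default is
// an assumption for the example; the project's real layout is not stated on the page.
export const DEFAULT_TRANSCRIPT_ROOT = "/home/user/.claude/projects";

/** True when `target` is strictly below `root` (the root itself is not a transcript). */
export function isInside(root: string, target: string): boolean {
  const rel = path.relative(root, target);
  // "..foo" is a legal file name inside root; only a leading ".." segment escapes it.
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

/**
 * Extract transcript_path from the stdin JSON payload and return an absolute path
 * only if it resolves inside `root`; otherwise return null. Hypothetical helper
 * shaped like the advisory's fix, not the project's own implementation.
 */
export function resolveTranscriptPath(rawStdin: string, root: string = DEFAULT_TRANSCRIPT_ROOT): string | null {
  let payload: unknown;
  try {
    payload = JSON.parse(rawStdin);
  } catch {
    return null; // malformed JSON: refuse rather than guess
  }
  if (payload === null || typeof payload !== "object") return null;
  const candidate = (payload as { transcript_path?: unknown }).transcript_path;
  // Reject missing or non-string values and embedded NUL, which truncates paths in C-level APIs.
  if (typeof candidate !== "string" || candidate.length === 0 || candidate.includes("\0")) return null;

  // Resolve the root through symlinks when it exists so both sides are compared in the same form.
  const rootAbs = fs.existsSync(root) ? fs.realpathSync(root) : path.resolve(root);
  // Lexical normalisation: collapses "..", "." and duplicate separators. An absolute
  // candidate ignores rootAbs here, which is why the containment check below is required.
  let resolved = path.resolve(rootAbs, candidate);
  // When the target exists, judge it by its real location so a symlink placed inside
  // root that points outside it is caught as well.
  if (fs.existsSync(resolved)) resolved = fs.realpathSync(resolved);

  return isInside(rootAbs, resolved) ? resolved : null;
}
```

A caller would pass the raw stdin text to resolveTranscriptPath and treat null as a hard refusal, not as a fallback to the unvalidated value.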
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.