Critical Command Injection Vulnerability in claude-hovercraft Allows Unauthenticated RCE
A critical command injection vulnerability in claude-hovercraft's executeClaudeCode method, tracked as CVE-2025-15060, allows unauthenticated remote attackers to execute arbitrary code with a CVSS score of 9.9.8.
A critical command injection vulnerability has been disclosed in claude-hovercraft, a tool designed to enable AI agents to execute code on a host system. The flaw, tracked as CVE-2025-15060 and assigned a CVSS score of 9.8, allows unauthenticated remote attackers to execute arbitrary code on affected installations. The vulnerability was reported by Peter Girnus of Trend Research and publicly disclosed on February 25, 2026, through the Zero Day Initiative (ZDI-26-124).
The specific flaw resides in the implementation of the `executeClaudeCode` method. According to the advisory, the issue stems from the lack of proper validation of a user-supplied string before it is used to execute a system call. This oversight enables an attacker to inject arbitrary commands, which are then executed in the context of the service account running the claude-hovercraft application. No authentication is required to exploit this vulnerability, making it particularly dangerous for any internet-exposed instances.
The impact of successful exploitation is severe, as an attacker can gain full control over the affected system, including the ability to read, modify, or delete data, install malware, or pivot to other systems within the network. The CVSS vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) underscores the critical nature of the flaw, indicating network-based exploitation with low complexity and no required privileges or user interaction.
The affected repository has been removed, according to the advisory, which suggests that the project may have been taken down or made private to prevent further exploitation. However, this action does not protect systems that have already deployed the software. Users and organizations that have integrated claude-hovercraft into their environments should immediately assess their exposure and take steps to isolate or remove the affected component.
As of the disclosure date, no official patch has been released, and the removal of the repository leaves users with limited options. The primary mitigation is to disable or remove claude-hovercraft from any production systems until a secure alternative or update becomes available. Network segmentation and strict access controls can help reduce the attack surface, but given the unauthenticated remote nature of the exploit, the safest course is to assume any instance is compromised.
This vulnerability highlights the risks associated with AI-powered code execution tools, which are increasingly used to automate tasks but can introduce critical security gaps if not carefully designed. The lack of input validation in a method that directly interfaces with system commands is a fundamental security oversight. As AI agents become more prevalent in development and operations workflows, vendors must prioritize secure coding practices to prevent similar flaws.
The disclosure timeline shows that the vulnerability was reported to the vendor on October 6, 2025, and the coordinated public release occurred on February 25, 2026. The four-month window between reporting and disclosure suggests that the vendor was unable to produce a fix before the repository was removed. Organizations relying on claude-hovercraft should monitor for any updates or advisories from the project maintainers and consider alternative solutions that undergo regular security audits.