CVE-2026-31861
Published 2026-03-11
Priority: P2 (69) | Severity: high | CVSS 3.1 base score: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.03% (92.5th percentile)
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the `/api/user/git-config` endpoint constructs shell commands by interpolating user-supplied `gitName` and `gitEmail` values into command strings passed to `child_process.exec()`. The input is placed within double quotes and only `"` is escaped, but backticks (`` ` ``), `$()` command substitution, and `\` sequences are all interpreted within double-quoted strings in bash. This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint. This vulnerability is fixed in 1.24.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudcli | cloud_cli | < 1.24.0 | 1.24.0 |
| siteboon | claude-code-ui | >= 0 < 1.24.0 | 1.24.0 |
| siteboon | claudecodeui | < 1.24.0 | 1.24.0 |
CVSS provenance
NVD, CVSS v3.1: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v4.0: 8.7 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
OSV (2026-03-10): CVE-2026-31861 [HIGH] @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
# Shell Command Injection in User Git Config Endpoint
| Field | Value |
|-------|-------|
| **Severity** | High |
| **CVSS 3.1** | 8.8 (High) — when chained with VULN-01 |
| **CWE** | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| **Attack Vector** | Network |
| **Authentication** | JWT required (bypassable via VULN-01) |
| **Affected Files** | `server/routes/user.js` (lines 58-59) |
## Description
The `/api/user/git-config` endpoint constructs shell commands by interpolating user-supplied `gitName` and `gitEmail` values into command strings passed to `child_process.exec()`. The input is placed within double quotes and only `"` is escaped, but backtick
GHSA (2026-03-10): CVE-2026-31861 [HIGH] CWE-94 @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
No detection rules found.
No public exploits indexed.
https://github.com/siteboon/claudecodeui/commit/86c33c1c0cb34176725a38f46960213714fc3e04
https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0
https://github.com/siteboon/claudecodeui/security/advisories/GHSA-7fv4-fmmc-86g2