Vulnerability-Lookup

CVE-2026-31862 (GCVE-0-2026-31862)

Vulnerability from cvelistv5 – Published: 2026-03-11 17:17 – Updated: 2026-03-12 14:22

Title

Cloud CLI has Command Injection via Multiple Parameters

Summary

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/siteboon/claudecodeui/security…	x_refsource_CONFIRM
	https://github.com/siteboon/claudecodeui/releases…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	siteboon	claudecodeui	Affected: < 1.24.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-12T14:21:55.099672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-12T14:22:04.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "claudecodeui",
          "vendor": "siteboon",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.24.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T17:17:47.941Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q"
        },
        {
          "name": "https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0"
        }
      ],
      "source": {
        "advisory": "GHSA-f2fc-vc88-6w7q",
        "discovery": "UNKNOWN"
      },
      "title": "Cloud CLI has Command Injection via Multiple Parameters"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-31862",
    "datePublished": "2026-03-11T17:17:47.941Z",
    "dateReserved": "2026-03-09T19:02:25.013Z",
    "dateUpdated": "2026-03-12T14:22:04.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-31862\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-11T18:16:25.073\",\"lastModified\":\"2026-03-17T19:04:29.000\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.\"},{\"lang\":\"es\",\"value\":\"Cloud CLI (tambi\u00e9n conocida como Claude Code UI) es una interfaz de usuario (UI) de escritorio y m\u00f3vil para Claude Code, Cursor CLI, Codex y Gemini-CLI. Antes de la versi\u00f3n 1.24.0, m\u00faltiples puntos finales de API relacionados con Git utilizan execAsync() con interpolaci\u00f3n de cadenas de par\u00e1metros controlados por el usuario (file, branch, message, commit), lo que permite a atacantes autenticados ejecutar comandos arbitrarios del sistema operativo. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.24.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudcli:cloud_cli:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.0\",\"matchCriteriaId\":\"7D084438-4C97-467F-8517-14FE6949B298\"}]}]}],\"references\":[{\"url\":\"https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31862\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-12T14:21:55.099672Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-12T14:21:59.501Z\"}}], \"cna\": {\"title\": \"Cloud CLI has Command Injection via Multiple Parameters\", \"source\": {\"advisory\": \"GHSA-f2fc-vc88-6w7q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"siteboon\", \"product\": \"claudecodeui\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.24.0\"}]}], \"references\": [{\"url\": \"https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q\", \"name\": \"https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0\", \"name\": \"https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-11T17:17:47.941Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-31862\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-12T14:22:04.149Z\", \"dateReserved\": \"2026-03-09T19:02:25.013Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-11T17:17:47.941Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-31862

Vulnerability from fkie_nvd - Published: 2026-03-11 18:16 - Updated: 2026-03-17 19:04

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0	Release Notes
	security-advisories@github.com	https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cloudcli	cloud_cli	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudcli:cloud_cli:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D084438-4C97-467F-8517-14FE6949B298",
              "versionEndExcluding": "1.24.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0."
    },
    {
      "lang": "es",
      "value": "Cloud CLI (tambi\u00e9n conocida como Claude Code UI) es una interfaz de usuario (UI) de escritorio y m\u00f3vil para Claude Code, Cursor CLI, Codex y Gemini-CLI. Antes de la versi\u00f3n 1.24.0, m\u00faltiples puntos finales de API relacionados con Git utilizan execAsync() con interpolaci\u00f3n de cadenas de par\u00e1metros controlados por el usuario (file, branch, message, commit), lo que permite a atacantes autenticados ejecutar comandos arbitrarios del sistema operativo. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.24.0."
    }
  ],
  "id": "CVE-2026-31862",
  "lastModified": "2026-03-17T19:04:29.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-11T18:16:25.073",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-F2FC-VC88-6W7Q

Vulnerability from github – Published: 2026-03-11 00:25 – Updated: 2026-03-11 20:45

Summary

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters

Details

Summary

Multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands.

Details

The claudecodeui application provides Git integration through various API endpoints. These endpoints accept user-controlled parameters such as file paths, branch names, commit messages, and commit hashes, which are directly interpolated into shell command strings passed to execAsync().

The application attempts to escape double quotes in some parameters, but this protection is trivially bypassable using other shell metacharacters such as:

Command substitution: $(command) or `command` Command chaining: ;, &&, || Newlines and other control characters

Affected Endpoints

GET /api/git/diff - file parameter GET /api/git/status - file parameter POST /api/git/commit - files array and message parameter POST /api/git/checkout - branch parameter POST /api/git/create-branch - branch parameter GET /api/git/commits - commit hash parameter GET /api/git/commit-diff - commit parameter

Vulnerable Code

File: server/routes/git.js

// Line 205 - git status with file parameter
const { stdout: statusOutput } = await execAsync(
  `git status --porcelain "${file}"`,  // INJECTION via file
  { cwd: projectPath }
);

// Lines 375-379 - git commit with files array and message
for (const file of files) {
  await execAsync(`git add "${file}"`, { cwd: projectPath });  // INJECTION via files[]
}
const { stdout } = await execAsync(
  `git commit -m "${message.replace(/"/g, '\\"')}"`,  // INJECTION via message (bypass with $())
  { cwd: projectPath }
);

// Lines 541-543 - git show with commit parameter (no quotes!)
const { stdout } = await execAsync(
  `git show ${commit}`,  // INJECTION via commit
  { cwd: projectPath }
);

Impact

Remote Code Execution as the Node.js process user
Full server compromise
Data exfiltration
Supply chain attacks - modify committed code to inject malware

Fix

Commit: siteboon/claudecodeui@55567f4

Root cause remediation

All vulnerable execAsync() calls have been replaced with the existing spawnAsync() helper (which uses child_process.spawn with shell: false). Arguments are passed as an array directly to the OS — shell metacharacters in user input are inert.

Endpoints patched in server/routes/git.js:

GET /api/git/diff — file (4 calls)
GET /api/git/file-with-diff — file (3 calls)
POST /api/git/commit — files[], message
POST /api/git/checkout — branch
POST /api/git/create-branch — branch
GET /api/git/commits — commit.hash
GET /api/git/commit-diff — commit
POST /api/git/generate-commit-message — file
POST /api/git/discard — file (3 calls)
POST /api/git/delete-untracked — file
POST /api/git/publish — branch

A strict allowlist regex (/^[0-9a-f]{4,64}$/i) was also added to validate the commit parameter in /api/git/commit-diff before it reaches the git process.

Before / After

// BEFORE — shell interprets the string, injection possible
const { stdout } = await execAsync(`git show ${commit}`, { cwd: projectPath });

// AFTER — no shell, args passed directly to the process
const { stdout } = await spawnAsync('git', ['show', commit], { cwd: projectPath });

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.23.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@siteboon/claudecodeui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T00:25:43Z",
    "nvd_published_at": "2026-03-11T18:16:25Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nMultiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands.\n\n### Details\nThe claudecodeui application provides Git integration through various API endpoints. These endpoints accept user-controlled parameters such as file paths, branch names, commit messages, and commit hashes, which are directly interpolated into shell command strings passed to execAsync().\n\nThe application attempts to escape double quotes in some parameters, but this protection is trivially bypassable using other shell metacharacters such as:\n\nCommand substitution: $(command) or \\`command\\`\nCommand chaining: ;, \u0026\u0026, ||\nNewlines and other control characters\n\n### Affected Endpoints\n`GET /api/git/diff - file parameter`\n`GET /api/git/status - file parameter`\n`POST /api/git/commit - files array and message parameter`\n`POST /api/git/checkout - branch parameter`\n`POST /api/git/create-branch - branch parameter`\n`GET /api/git/commits - commit hash parameter`\n`GET /api/git/commit-diff - commit parameter`\n\n### Vulnerable Code\n\nFile: server/routes/git.js\n```\n// Line 205 - git status with file parameter\nconst { stdout: statusOutput } = await execAsync(\n  `git status --porcelain \"${file}\"`,  // INJECTION via file\n  { cwd: projectPath }\n);\n```\n```\n// Lines 375-379 - git commit with files array and message\nfor (const file of files) {\n  await execAsync(`git add \"${file}\"`, { cwd: projectPath });  // INJECTION via files[]\n}\nconst { stdout } = await execAsync(\n  `git commit -m \"${message.replace(/\"/g, \u0027\\\\\"\u0027)}\"`,  // INJECTION via message (bypass with $())\n  { cwd: projectPath }\n);\n```\n```\n// Lines 541-543 - git show with commit parameter (no quotes!)\nconst { stdout } = await execAsync(\n  `git show ${commit}`,  // INJECTION via commit\n  { cwd: projectPath }\n);\n```\n\n### Impact\n- Remote Code Execution as the Node.js process user\n- Full server compromise\n- Data exfiltration\n- Supply chain attacks - modify committed code to inject malware\n\n---\n\n### Fix\n\n**Commit:** siteboon/claudecodeui@55567f4\n\n#### Root cause remediation\n\nAll vulnerable `execAsync()` calls have been replaced with the existing `spawnAsync()` helper (which uses `child_process.spawn` with `shell: false`). Arguments are passed as an array directly to the OS \u2014 shell metacharacters in user input are inert.\n\n**Endpoints patched in `server/routes/git.js`:**\n\n- `GET /api/git/diff` \u2014 `file` (4 calls)\n- `GET /api/git/file-with-diff` \u2014 `file` (3 calls)\n- `POST /api/git/commit` \u2014 `files[]`, `message`\n- `POST /api/git/checkout` \u2014 `branch`\n- `POST /api/git/create-branch` \u2014 `branch`\n- `GET /api/git/commits` \u2014 `commit.hash`\n- `GET /api/git/commit-diff` \u2014 `commit`\n- `POST /api/git/generate-commit-message` \u2014 `file`\n- `POST /api/git/discard` \u2014 `file` (3 calls)\n- `POST /api/git/delete-untracked` \u2014 `file`\n- `POST /api/git/publish` \u2014 `branch`\n\nA strict allowlist regex (`/^[0-9a-f]{4,64}$/i`) was also added to validate the `commit` parameter in `/api/git/commit-diff` before it reaches the git process.\n\n#### Before / After\n\n```js\n// BEFORE \u2014 shell interprets the string, injection possible\nconst { stdout } = await execAsync(`git show ${commit}`, { cwd: projectPath });\n\n// AFTER \u2014 no shell, args passed directly to the process\nconst { stdout } = await spawnAsync(\u0027git\u0027, [\u0027show\u0027, commit], { cwd: projectPath });\n```",
  "id": "GHSA-f2fc-vc88-6w7q",
  "modified": "2026-03-11T20:45:24Z",
  "published": "2026-03-11T00:25:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31862"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siteboon/claudecodeui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-31862 (GCVE-0-2026-31862)

FKIE_CVE-2026-31862

GHSA-F2FC-VC88-6W7Q

Summary

Details

Affected Endpoints

Vulnerable Code

Impact

Fix

Root cause remediation

Before / After

Tags

Sightings

Nomenclature