CVE-2026-31862
Cloud · Cloud CLI (Claude Code UI)
The Cloud CLI utility is vulnerable to OS command injection via improper sanitization of Git-related API parameters, allowing authenticated attackers to execute arbitrary system commands.
Executive summary
An OS command injection vulnerability in Cloud CLI versions prior to 1.24.0 poses a critical risk by allowing authenticated attackers to execute arbitrary commands on the host system.
Vulnerability
The application utilizes execAsync() with improper string interpolation of user-controlled parameters within Git-related API endpoints. This flaw allows an authenticated attacker to inject and execute arbitrary OS commands.
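The flaw class described above, shown next to a hardened counterpart. This is an added example, not code from Cloud CLI or its fix: the function names, the ref allow-list and the sample input are assumptions made for illustration.

```javascript
const { exec, execFile } = require('child_process');
const { promisify } = require('util');
const execAsync = promisify(exec);
const execFileAsync = promisify(execFile);

// Constructed sample input: a "branch name" carrying a shell metacharacter.
const SAMPLE_BRANCH = 'main; echo INJECTED';

// Vulnerable pattern: the value is interpolated into one string for a shell to parse.
function vulnerableCommand(branch) {
  return `git checkout ${branch}`;
}
function vulnerableCheckout(repoDir, branch) {
  return execAsync(vulnerableCommand(branch), { cwd: repoDir });
}

// Conservative allow-list for ref names (an assumption, stricter than git's own rules).
// The first character must be alphanumeric, so a value can never start with "-".
function isSafeRef(name) {
  return typeof name === 'string' &&
    /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,199}$/.test(name) &&
    !name.includes('..') && !name.endsWith('.lock') && !name.endsWith('/');
}

// Hardened pattern: validate, then pass the value as one argv element.
function checkoutArgv(branch) {
  if (!isSafeRef(branch)) throw new Error('invalid ref name');
  return ['checkout', branch, '--']; // "--" separates the ref from any path arguments
}
async function safeCheckout(repoDir, branch) {
  // execFile starts git directly; no shell ever interprets the arguments.
  const { stdout } = await execFileAsync('git', checkoutArgv(branch), { cwd: repoDir });
  return stdout;
}
```

With the sample input, the vulnerable builder produces a string the shell splits into two commands, while the hardened path rejects the value before any process is started.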
Business impact
Successful exploitation grants an attacker the ability to execute commands with the privileges of the application process. Given the CVSS score of 9.1, this vulnerability poses a severe risk of full system compromise, unauthorized data access, and potential lateral movement within the network.
Remediation
Immediate Action: Update Cloud CLI to version 1.24.0 or later, which sanitizes the affected input parameters correctly.
Proactive Monitoring: Review system and application logs for suspicious process execution patterns or unexpected shell commands originating from the CLI tool.
Compensating Controls: Restrict access to the CLI utility to authorized users only, and run the application with least privilege to minimize potential impact.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The vulnerability represents a critical security risk that can lead to complete system takeover. Organizations using the Cloud CLI must prioritize the update to version 1.24.0 to mitigate the risk of remote command execution.