CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

CVE-2026-45136

Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0–v3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the user’...

claude-code-cache-fix 代码注入漏洞

claude-code-cache-fix is a caching optimization tool developed by Chris Nighswonger. Versions 3.5.0 to 3.5.2 of claude-code-cache-fix had a code injection vulnerability. This vulnerability stemmed from the use of tools/quota-statusline.sh, which directly inserted the hook’s standard input payload...

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...