
40 matches found

EUVD
• added 2026/05/06 7:8 a.m. • 0 views

EUVD-2026-27534

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported version that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

6.1 CVSS • 5.8 AI score • 0.00016 EPSS
Exploits: 0 • References: 1

CNNVD
• added 2026/05/06 12:0 a.m. • 4 views

Oracle OCI CLI path traversal vulnerability

Oracle OCI CLI is a cloud infrastructure management command-line tool developed by Oracle Corporation in the United States. Version 3.77 of Oracle OCI CLI contains a path traversal vulnerability. This vulnerability allows unauthorized attackers to access the system through the network, enabling...

6.1 CVSS • 5.8 AI score • 0.00016 EPSS
Exploits: 0 • References: 1

RedhatCVE
• added 2026/03/26 2:59 p.m. • 1 views

CVE-2026-31975

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...

9.8 CVSS • 6 AI score • 0.00526 EPSS
Exploits: 1 • References: 1

NVD
• added 2026/03/11 6:16 p.m. • 1 views

CVE-2026-31862

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to...

9.1 CVSS • 0.00082 EPSS
Exploits: 0 • References: 2

NVD
• added 2026/03/11 6:16 p.m. • 0 views

CVE-2026-31861

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to child_process.exec. The...

8.8 CVSS • 0.00083 EPSS
Exploits: 1 • References: 3

ATTACKERKB
• added 2026/03/11 5:27 p.m. • 1 views

CVE-2026-31975

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...

8.7 CVSS • 5.9 AI score • 0.00526 EPSS
Exploits: 1 • References: 4 • Affected Software: 1

CVE
• added 2026/03/11 5:27 p.m. • 18 views

CVE-2026-31975

Cloud CLI (Claude Code UI) vulnerable to OS command injection via WebSocket, affecting claude-code-ui up to version 1.24.0. The root cause is direct interpolation of WebSocket payload values (projectPath and initialCommand) into a bash command string in server/index.js, with a secondary vector th...

9.8 CVSS • 5.9 AI score • 0.00526 EPSS
Exploits: 1 • References: 3 • Affected Software: 1

OSV
• added 2026/03/11 5:27 p.m. • 1 views

CVE-2026-31975 Cloud CLI WebSocket shell injection

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...

8.7 CVSS • 5.9 AI score • 0.00526 EPSS
Exploits: 1 • References: 5

OSV
• added 2026/03/11 5:22 p.m. • 1 views

CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to child_process.exec. The...

8.7 CVSS • 6.1 AI score • 0.00083 EPSS
Exploits: 1 • References: 5

Vulnrichment
• added 2026/03/11 5:22 p.m. • 1 views

CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to child_process.exec. The...

8.7 CVSS • 6 AI score • 0.00083 EPSS
Exploits: 1 • References: 3

CVE
• added 2026/03/11 5:22 p.m. • 10 views

CVE-2026-31861

CVE-2026-31861 affects Cloud CLI (Claude Code UI). The /api/user/git-config endpoint interpolates user-supplied gitName/gitEmail into shell commands executed via child_process.exec(), placing input inside double quotes with only " escaped. Bash will still interpret backticks, $() substitutions, a...

8.8 CVSS • 6 AI score • 0.00083 EPSS
Exploits: 1 • References: 3 • Affected Software: 1

Cvelist
• added 2026/03/11 5:22 p.m. • 22 views

CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to child_process.exec. The...

8.7 CVSS • 0.00083 EPSS
Exploits: 1 • References: 3

Vulnrichment
• added 2026/03/11 5:17 p.m. • 2 views

CVE-2026-31862 Cloud CLI has Command Injection via Multiple Parameters

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to...

9.1 CVSS • 6 AI score • 0.00082 EPSS
Exploits: 0 • References: 2

CVE
• added 2026/03/11 5:17 p.m. • 7 views

CVE-2026-31862

CVE-2026-31862 affects Cloud CLI (Claude Code UI) and related tooling (siteboon/claude-code-ui). Before version 1.24.0, multiple Git-related API endpoints interpolated user-controlled inputs (file, branch, message, commit) into shell commands executed via execAsync(), enabling an authenticated us...

9.1 CVSS • 6 AI score • 0.00082 EPSS
Exploits: 0 • References: 2 • Affected Software: 1

Cvelist
• added 2026/03/11 5:17 p.m. • 21 views

CVE-2026-31862 Cloud CLI has Command Injection via Multiple Parameters

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to...

9.1 CVSS • 0.00082 EPSS
Exploits: 0 • References: 2

CNNVD
• added 2026/03/11 12:0 a.m. • 2 views

Cloud CLI code injection vulnerability

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained a code injection vulnerability. This vulnerability stemmed from the /api/user/git-config endpoint constructing shell commands without properly...

8.8 CVSS • 6 AI score • 0.00083 EPSS
Exploits: 1 • References: 3

Positive Technologies
• added 2026/03/11 12:0 a.m. • 1 views

PT-2026-24693

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection. Download: cve claudecodeui submission v2.zip. Submission Info | Field | Value | |-------|-------| | Package | @siteboon/claude-code-ui | | Ecosystem | npm | | Affected versions ...

8.7 CVSS • 6.2 AI score • 0.00526 EPSS
Exploits: 1 • References: 11

CNNVD
• added 2026/03/11 12:0 a.m. • 3 views

Cloud CLI operating system command injection vulnerability

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.25.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the projectPath and initialCommand parameters in the...

9.8 CVSS • 5.8 AI score • 0.00526 EPSS
Exploits: 1 • References: 3

Positive Technologies
• added 2026/03/11 12:0 a.m. • 0 views

PT-2026-24753

Summary: Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to execute arbitrary OS commands. Details: The claudecodeui application provides Git integration through various API...

9.1 CVSS • 6.3 AI score • 0.00082 EPSS
Exploits: 0 • References: 14

CNNVD
• added 2026/03/11 12:0 a.m. • 2 views

Cloud CLI operating system command injection vulnerability

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the use of string interpolation for user input across...

9.1 CVSS • 5.9 AI score • 0.00082 EPSS
Exploits: 0 • References: 2