{"data":{"id":"0655befe-bd8d-438c-b813-34b8e23b35ef","title":"CVE-2026-47091: Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to r","summary":"Claude HUD versions up to 0.0.12 contain a path traversal vulnerability (a flaw where attackers can access files outside intended directories by manipulating file paths) that lets attackers read any file the program can access by sending a malicious transcript_path value. Additionally, the vulnerability creates a cache file with weak permissions that records which files were accessed, leaving evidence even after the program stops running.","solution":"The vulnerability was patched in commit 234d9aa. Users should update to a version containing this commit or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47091","publishedAt":"2026-05-18T20:16:39.863Z","cveId":"CVE-2026-47091","cweIds":["CWE-22"],"cvssScore":"3.3","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude HUD"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-18T20:16:39.863Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}