{"data":{"id":"0b2f4df0-4649-47c2-86dc-591a592e9172","title":"CVE-2026-47092: Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attac","summary":"Claude HUD versions up to 0.0.12 contain a command injection vulnerability (a security flaw where an attacker can trick a program into running harmful commands) that affects Windows systems. An attacker with local access can manipulate the COMSPEC environment variable (a Windows setting that specifies which command interpreter to use) before the software checks its version, causing it to run malicious code with system permissions.","solution":"The vulnerability was patched in commit 234d9aa. Users should update to a version after 0.0.12 that includes this patch.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47092","publishedAt":"2026-05-18T20:16:40.040Z","cveId":"CVE-2026-47092","cweIds":["CWE-427"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude HUD","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-18T20:16:40.040Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}