{"data":{"id":"0f0273f8-0d26-42b3-8fa3-b7a3b383580e","title":"CVE-2026-45136: claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.","summary":"claude-code-cache-fix is a tool that speeds up Claude Code by caching results. Versions 3.5.0 through 3.5.1 have a code injection vulnerability (CWE-94, inserting malicious code into a program) in a file called tools/quota-statusline.sh, where user input containing certain byte sequences (''') can break out of a Python string and execute arbitrary code on the user's system. This is a high-severity bug that affects local attackers who can control the input to Claude Code.","solution":"This vulnerability is fixed in version 3.5.2. Users should update to claude-code-cache-fix 3.5.2 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45136","publishedAt":"2026-05-27T21:16:18.523Z","cveId":"CVE-2026-45136","cweIds":["CWE-78","CWE-94"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude","claude-code-cache-fix"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-27T21:16:18.523Z","capecIds":["CAPEC-242","CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}