{"data":{"id":"5a1dee36-441b-4317-aedc-a5fa7e647124","title":"CVE-2026-47090: Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd","summary":"Claude HUD version 0.0.12 and earlier has a vulnerability where it creates terminal hyperlinks (clickable links in terminal windows) using user-controlled data without properly cleaning it first, allowing attackers to inject malicious terminal codes (ANSI codes, which control formatting and behavior in terminals) that could change text colors, fake command prompts, steal clipboard data, or redirect users to attacker-controlled websites.","solution":"Patched in commit 234d9aa.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47090","publishedAt":"2026-05-18T20:16:39.673Z","cveId":"CVE-2026-47090","cweIds":["CWE-150"],"cvssScore":"4.6","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude HUD","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-18T20:16:39.673Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}