{"data":{"id":"be0c0457-6f33-41c5-9955-9052ecdaefeb","title":"CVE-2026-31862: Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1","summary":"Cloud CLI (a user interface for AI coding tools like Claude Code and Gemini-CLI) had a vulnerability before version 1.24.0 where attackers who had login access could run unauthorized commands on a computer by manipulating text inputs in Git-related features. This happened because the software used string interpolation (directly inserting user text into commands) without properly checking if the input was safe, which is a type of OS command injection (CWE-78, where an attacker tricks the system into executing arbitrary commands).","solution":"This vulnerability is fixed in version 1.24.0. Users should update Cloud CLI to 1.24.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31862","publishedAt":"2026-03-11T18:16:25.073Z","cveId":"CVE-2026-31862","cweIds":["CWE-78"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic","Microsoft"],"affectedVendorsRaw":["Claude Code UI","Claude Code","Cursor CLI","Codex","Gemini-CLI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"high","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-11T18:16:25.073Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}