CVE-2026-31975: Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1
Summary
Cloud CLI (a user interface for Claude Code and similar tools) had a critical vulnerability in versions before 1.25.0: the user-supplied inputs projectPath, initialCommand, and sessionId were used directly to build system commands without filtering, allowing attackers to inject arbitrary OS commands through WebSocket connections (OS command injection, where an attacker tricks the system into running unauthorized commands). This vulnerability has been patched in version 1.25.0.
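The pattern the summary describes, next to a hardened form, as an added example that is not Cloud CLI's code or its 1.25.0 patch. The message shape, function names, allowlist, session id format, `--resume` flag usage and POSIX-style paths are assumptions made for illustration.

```javascript
// Added example: hypothetical names and message shape, not Cloud CLI's code.

// Weak pattern (as described in the summary): fields from the WebSocket
// message are concatenated into one string that a shell later parses.
function buildShellStringUnsafe({ projectPath, initialCommand, sessionId }) {
  return `cd "${projectPath}" && ${initialCommand} --resume ${sessionId}`;
}

// Hardened pattern: validate every field, then hand back an argv array
// meant for a spawn call that never involves a shell.
const SESSION_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;                    // assumed id format
const ALLOWED_COMMANDS = new Set(['claude', 'codex', 'gemini']);  // assumed allowlist

function buildSpawnSpec(msg) {
  const { projectPath, initialCommand, sessionId } = msg ?? {};

  // Working directory: absolute path, no NUL or other control characters.
  if (typeof projectPath !== 'string' || !projectPath.startsWith('/') ||
      /[\x00-\x1f]/.test(projectPath)) {
    throw new Error('projectPath must be an absolute path without control characters');
  }

  // Program: an exact allowlisted name, never a free-form command line.
  if (!ALLOWED_COMMANDS.has(initialCommand)) {
    throw new Error('initialCommand is not an allowed program name');
  }

  // Session id: optional, but strictly formatted when present.
  const args = [];
  if (sessionId !== undefined) {
    if (typeof sessionId !== 'string' || !SESSION_ID_RE.test(sessionId)) {
      throw new Error('sessionId has an unexpected format');
    }
    args.push('--resume', sessionId);
  }

  // The caller passes these to child_process.spawn(file, args, options).
  // With shell: false each value stays a single argument, so shell
  // metacharacters in it are never interpreted.
  return { file: initialCommand, args, options: { cwd: projectPath, shell: false } };
}
```

The validation and the argv array are two separate layers: even if a check is loosened later, a no-shell spawn still prevents a field from being parsed as additional commands.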
Solution / Mitigation
Update Cloud CLI to version 1.25.0 or later, which fixes the OS command injection vulnerability.
Vulnerability Details
EPSS: 0.0%
March 11, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31975
First tracked: March 11, 2026 at 04:07 PM