CVE-2026-31861
Received Received - Intake
Command Injection in Cloud CLI Git-Config Endpoint Allows RCE

Publication date: 2026-03-11

Last updated on: 2026-03-17

Assigner: GitHub, Inc.

Description
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to child_process.exec(). The input is placed within double quotes and only " is escaped, but backticks (`), $() command substitution, and \ sequences are all interpreted within double-quoted strings in bash. This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint. This vulnerability is fixed in 1.24.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-14
NVD
CVE-2026-31861
EUVD
EUVD-2026-11263
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cloudcli cloud_cli to 1.24.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31861 is a critical Shell Command Injection vulnerability in the Cloud CLI (aka Claude Code UI) software, specifically affecting versions up to 1.23.0. The issue exists in the /api/user/git-config endpoint, where user-supplied gitName and gitEmail values are directly inserted into shell commands executed by child_process.exec(). Although double quotes are escaped, other special characters like backticks, command substitution syntax, and backslash sequences are still interpreted by the shell, allowing an authenticated attacker to inject and execute arbitrary operating system commands.

This vulnerability requires network access and JWT authentication, but can be exploited without authentication if combined with another vulnerability that allows forging JWT tokens. The attacker can achieve remote code execution with the privileges of the Node.js process user.

Impact Analysis

The impact of this vulnerability includes full remote code execution (RCE) on the server running the Cloud CLI application, with the privileges of the Node.js process user. An attacker can modify server-wide git configuration, affecting all git operations.

  • Execute arbitrary OS commands remotely.
  • Modify git configuration globally on the server.
  • Read and write files on the server.
  • Install backdoors or malware.
  • Perform lateral movement within the network.
  • Exfiltrate sensitive data.
Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for suspicious or unexpected shell command executions originating from the /api/user/git-config endpoint, especially commands that include unusual characters such as backticks (`), $() command substitutions, or backslash sequences within gitName or gitEmail parameters.

Since the vulnerability involves command injection via user-supplied git configuration values, detection can involve inspecting logs for git config commands executed with unexpected or malicious input.

Suggested commands to detect exploitation attempts include searching process execution logs or monitoring network requests to the vulnerable endpoint for suspicious payloads.

  • Check running processes or recent commands for suspicious git config commands, e.g., using: ps aux | grep git
  • Inspect server logs for requests to /api/user/git-config containing suspicious characters like backticks or $() in gitName or gitEmail fields.
  • Use network monitoring tools to capture and analyze HTTP requests to the vulnerable endpoint for command injection patterns.
Mitigation Strategies

The immediate mitigation step is to upgrade the Cloud CLI (Claude Code UI) to version 1.24.0 or later, where this vulnerability is fixed.

The fix involves replacing the use of child_process.exec() with child_process.spawn() using array arguments to avoid shell interpretation of user inputs.

If upgrading immediately is not possible, avoid exposing the /api/user/git-config endpoint to untrusted users and restrict access to authenticated and trusted users only.

  • Upgrade to version 1.24.0 or later of Cloud CLI (Claude Code UI).
  • Apply the patch that replaces exec() calls with spawn() calls for git config commands.
  • Restrict network access to the vulnerable endpoint and monitor for suspicious activity.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart