Executive Summary

CVE-2026-31862 is a critical command injection vulnerability in the Cloud CLI (aka Claude Code UI) npm package versions up to 1.23.0. It occurs because multiple Git-related API endpoints use the Node.js execAsync() function with string interpolation of user-controlled parameters such as file paths, branch names, commit messages, and commit hashes. These parameters are directly embedded into shell command strings without proper sanitization.

This improper handling allows authenticated attackers to inject and execute arbitrary operating system commands by exploiting shell metacharacters like command substitution, command chaining, newlines, and other control characters.

The vulnerability affects endpoints such as /api/git/diff, /api/git/status, /api/git/commit, /api/git/checkout, /api/git/create-branch, /api/git/commits, and /api/git/commit-diff, among others.

The issue was fixed in version 1.24.0 by replacing execAsync() calls with spawnAsync() using child_process.spawn with shell: false, passing arguments as arrays to avoid shell interpretation, and by introducing strict validation for commit parameters.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with the privileges of the Node.js process user.

Potential impacts include full server compromise, data exfiltration, and supply chain attacks by injecting malicious code into commits.

Because the attack vector is network-based and requires low complexity, an attacker with valid credentials can exploit this without user interaction, leading to high impact on confidentiality, integrity, and availability of the affected system.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability affects multiple Git-related API endpoints in versions of @siteboon/claudecodeui prior to 1.24.0, where user-controlled parameters are passed unsafely to execAsync(), allowing command injection.

To detect if your system is vulnerable, you can check the version of the @siteboon/claudecodeui package installed. Versions up to 1.23.0 are vulnerable.

You can also monitor network traffic or logs for suspicious usage of the following API endpoints with unusual or unexpected parameters:

• GET /api/git/diff (file parameter)
• GET /api/git/status (file parameter)
• POST /api/git/commit (files array and message parameter)
• POST /api/git/checkout (branch parameter)
• POST /api/git/create-branch (branch parameter)
• GET /api/git/commits (commit hash parameter)
• GET /api/git/commit-diff (commit parameter)

For command-line detection, you can check the installed package version with commands like:

• npm list @siteboon/claudecodeui
• or check package.json and package-lock.json files for the version.

Additionally, you can scan logs or use intrusion detection systems to look for suspicious shell metacharacters or command injection patterns in parameters passed to these endpoints.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade the @siteboon/claudecodeui package to version 1.24.0 or later, where the vulnerability has been fixed.

The fix replaces all vulnerable execAsync() calls with spawnAsync() using child_process.spawn with shell: false, preventing shell command injection.

If immediate upgrade is not possible, restrict access to the affected API endpoints to trusted and authenticated users only, as the vulnerability requires high privileges.

Implement strict input validation and sanitization on parameters such as file names, branch names, commit messages, and commit hashes to prevent injection of shell metacharacters.

Monitor logs for suspicious activity and consider applying network-level controls to limit exposure.

Useful 0 Not Useful 0