CVE-2026-31862
Command Injection in Cloud CLI Git APIs Allows Remote Code Execution

Publication date: 2026-03-11

Last updated on: 2026-03-17

Assigner: GitHub, Inc.

Description
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: cloudcli; Product: cloud_cli; Version / Range: up to 1.24.0 (exclusive)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-31862 is a critical command injection vulnerability in the Cloud CLI (aka Claude Code UI) npm package versions up to 1.23.0. It occurs because multiple Git-related API endpoints use the Node.js execAsync() function with string interpolation of user-controlled parameters such as file paths, branch names, commit messages, and commit hashes. These parameters are directly embedded into shell command strings without proper sanitization.

This improper handling allows authenticated attackers to inject and execute arbitrary operating system commands by exploiting shell metacharacters like command substitution, command chaining, newlines, and other control characters.

The vulnerability affects endpoints such as /api/git/diff, /api/git/status, /api/git/commit, /api/git/checkout, /api/git/create-branch, /api/git/commits, and /api/git/commit-diff, among others.

The issue was fixed in version 1.24.0 by replacing execAsync() calls with spawnAsync() using child_process.spawn with shell: false, passing arguments as arrays to avoid shell interpretation, and by introducing strict validation for commit parameters.


How can this vulnerability impact me?

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with the privileges of the Node.js process user.

Potential impacts include full server compromise, data exfiltration, and supply chain attacks by injecting malicious code into commits.

Because the attack vector is network-based and requires low complexity, an attacker with valid credentials can exploit this without user interaction, leading to high impact on confidentiality, integrity, and availability of the affected system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects multiple Git-related API endpoints in versions of @siteboon/claudecodeui prior to 1.24.0, where user-controlled parameters are passed unsafely to execAsync(), allowing command injection.

To detect if your system is vulnerable, you can check the version of the @siteboon/claudecodeui package installed. Versions up to 1.23.0 are vulnerable.

You can also monitor network traffic or logs for suspicious usage of the following API endpoints with unusual or unexpected parameters:

  • GET /api/git/diff (file parameter)
  • GET /api/git/status (file parameter)
  • POST /api/git/commit (files array and message parameter)
  • POST /api/git/checkout (branch parameter)
  • POST /api/git/create-branch (branch parameter)
  • GET /api/git/commits (commit hash parameter)
  • GET /api/git/commit-diff (commit parameter)

For command-line detection, you can check the installed package version with commands like:

  • npm list @siteboon/claudecodeui
  • or check package.json and package-lock.json files for the version.

Additionally, you can scan logs or use intrusion detection systems to look for suspicious shell metacharacters or command injection patterns in parameters passed to these endpoints.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade the @siteboon/claudecodeui package to version 1.24.0 or later, where the vulnerability has been fixed.

The fix replaces all vulnerable execAsync() calls with spawnAsync() using child_process.spawn with shell: false, preventing shell command injection.

If immediate upgrade is not possible, restrict access to the affected API endpoints to trusted and authenticated users only, as the vulnerability requires high privileges.

Implement strict input validation and sanitization on parameters such as file names, branch names, commit messages, and commit hashes to prevent injection of shell metacharacters.

Monitor logs for suspicious activity and consider applying network-level controls to limit exposure.

