{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31975", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:40:10.487Z", "datePublished": "2026-03-11T17:27:06.111Z", "dateUpdated": "2026-03-12T14:05:01.389Z"}, "containers": {"cna": {"title": "Cloud CLI WebSocket shell injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr"}, {"name": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26", "tags": ["x_refsource_MISC"], "url": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26"}, {"name": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0"}], "affected": [{"vendor": "siteboon", "product": "claudecodeui", "versions": [{"version": "< 1.25.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T17:27:06.111Z"}, "descriptions": [{"lang": "en", "value": "Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution. A secondary injection vector exists via unsanitized sessionId. This vulnerability is fixed in 1.25.0."}], "source": {"advisory": "GHSA-gv8f-wpm2-m5wr", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:04:56.739217Z", "id": "CVE-2026-31975", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:05:01.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31975", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T14:04:56.739217Z"}}}], "references": [{"url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:04:49.696Z"}}], "cna": {"title": "Cloud CLI WebSocket shell injection", "source": {"advisory": "GHSA-gv8f-wpm2-m5wr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "siteboon", "product": "claudecodeui", "versions": [{"status": "affected", "version": "< 1.25.0"}]}], "references": [{"url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr", "name": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26", "name": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0", "name": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution. A secondary injection vector exists via unsanitized sessionId. This vulnerability is fixed in 1.25.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T17:27:06.111Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31975", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:05:01.389Z", "dateReserved": "2026-03-10T15:40:10.487Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T17:27:06.111Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudcli:cloud_cli:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD62C338-7624-4C6C-B8A8-D1FBF207CFDD", "versionEndExcluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution. A secondary injection vector exists via unsanitized sessionId. This vulnerability is fixed in 1.25.0."}, {"lang": "es", "value": "Cloud CLI (tambi\u00e9n conocida como Claude Code UI) es una interfaz de usuario de escritorio y m\u00f3vil para Claude Code, Cursor CLI, Codex y Gemini-CLI. Antes de la versi\u00f3n 1.25.0, exist\u00eda una inyecci\u00f3n de comandos del sistema operativo (OS Command Injection) a trav\u00e9s de WebSocket Shell. Tanto projectPath como initialCommand en servidor/index.js se toman directamente de la carga \u00fatil del mensaje de WebSocket y se interpolan en una cadena de comandos bash sin ninguna sanitizaci\u00f3n, lo que permite la ejecuci\u00f3n arbitraria de comandos del sistema operativo. Existe un vector de inyecci\u00f3n secundario a trav\u00e9s de un sessionId no sanitizado. Esta vulnerabilidad se corrige en la versi\u00f3n 1.25.0."}], "id": "CVE-2026-31975", "lastModified": "2026-03-20T16:17:49.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T18:16:27.177", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.25.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "claudecodeui", "source": "cna", "vendor": "siteboon"}, "product": "claudecodeui", "vendor": "siteboon"}], "analysis": {"en": {"generated_at": "2026-03-20T17:54:59.272995+00:00", "value": {"mitigation_remediation": ["Upgrade the Cloud CLI application to version\u202f1.25.0 or later on all affected installations.", "Verify that the upgrade has been applied consistently across all servers running the CLI.", "If an upgrade cannot be performed immediately, restrict access to the WebSocket shell endpoint to trusted users only or disable the endpoint entirely.", "Consider adding input validation or sanitizing the sessionId field as an interim mitigation measure."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All deployments of the Siteboon Claude Code UI (Cloud CLI) desktop and mobile client earlier than version\u202f1.25.0 are affected. The flaw resides in the server/index.js module that processes WebSocket shell requests, meaning any instance exposing this endpoint to a network can be compromised.", "description_and_impact": "An OS command injection vulnerability exists in the Cloud CLI (Claude Code UI) application before version 1.25.0. The server component builds a bash command string by directly inserting the WebSocket message fields projectPath and initialCommand, without sanitizing user input. An attacker able to send crafted WebSocket messages can execute arbitrary shell commands on the server, leading to full compromise of the host. Additionally, the sessionId field is unsanitized, providing a secondary injection vector that can also be leveraged by an attacker.", "risk_and_exploitability": "The vulnerability carries a CVSS score of\u202f8.7, indicating high severity, while the EPSS score is below\u202f1\u202f%, suggesting a currently low exploitation probability. It is not listed in the CISA KEV catalog. Exploitation requires network access to the Cloud CLI server and the ability to send WebSocket shell messages; given the unsanitized fields, a remote attacker could gain full system control. The issue was fixed in version\u202f1.25.0, eliminating both the primary and secondary injection vectors."}}}}, "created": "2026-03-12T09:57:37.656998+00:00", "updated": "2026-03-23T09:55:20.301294+00:00", "vendors": ["siteboon", "siteboon$PRODUCT$claudecodeui"]}