CVE-2026-31861
Published: 11 March 2026
Summary
CVE-2026-31861 is a high-severity Code Injection (CWE-94) vulnerability in Cloudcli Cloud Cli. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2026-31861 by requiring timely patching to version 1.24.0, which fixes the unsafe shell command interpolation in the git-config endpoint.
Prevents command injection by validating user-supplied gitName and gitEmail inputs against expected formats, blocking shell metacharacters like backticks and $() before execution via child_process.exec().
Identifies the command injection vulnerability in Cloud CLI through vulnerability scanning, enabling remediation before exploitation by authenticated attackers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in network-accessible API endpoint (/api/user/git-config) directly enables remote exploitation of a public-facing application (T1190) and arbitrary Unix shell command execution via Bash features like $() and backticks (T1059.004).
NVD Description
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed…
more
to child_process.exec(). The input is placed within double quotes and only " is escaped, but backticks (`), $() command substitution, and \ sequences are all interpreted within double-quoted strings in bash. This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint. This vulnerability is fixed in 1.24.0.
Deeper analysisAI
Cloud CLI, also known as Claude Code UI, is a desktop and mobile user interface for tools including Claude Code, Cursor CLI, Codex, and Gemini-CLI. Versions prior to 1.24.0 contain a command injection vulnerability (CVE-2026-31861, CWE-94) in the /api/user/git-config endpoint. This endpoint interpolates user-supplied gitName and gitEmail values into shell command strings executed via child_process.exec(). Although inputs are placed within double quotes with only the double quote character escaped, Bash interprets backticks (`), command substitution ($()), and backslash sequences within double-quoted strings, enabling arbitrary OS command execution. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Authenticated attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting gitName or gitEmail values that include malicious payloads leveraging Bash's double-quoted string features, such as backticks or command substitution, attackers can inject and execute arbitrary operating system commands on the host running the Cloud CLI application.
The vulnerability is addressed in version 1.24.0 of Cloud CLI. GitHub security advisory GHSA-7fv4-fmmc-86g2, the associated patch commit (86c33c1c0cb34176725a38f46960213714fc3e04), and the v1.24.0 release notes detail the fix, recommending immediate upgrades for affected installations.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: claude, claude, gemini