Cyber Resilience

CVE-2026-31861

HighPublic PoCRCE

Published: 11 March 2026

Published
11 March 2026
Modified
17 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0603 92.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-31861 is a high-severity Code Injection (CWE-94) vulnerability in Cloudcli Cloud Cli. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Cloud CLI, also known as Claude Code UI, is a desktop and mobile user interface for tools including Claude Code, Cursor CLI, Codex, and Gemini-CLI. Versions prior to 1.24.0 contain a command injection vulnerability (CVE-2026-31861, CWE-94) in the /api/user/git-config endpoint. This endpoint interpolates user-supplied gitName and gitEmail values into shell command strings executed via child_process.exec(). Although inputs are placed within double quotes with only the double quote character escaped, Bash interprets backticks (`), command substitution ($()), and backslash sequences within double-quoted strings, enabling arbitrary OS command execution. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Authenticated attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting gitName or gitEmail values that include malicious payloads leveraging Bash's double-quoted string features, such as backticks or command substitution, attackers can inject and execute arbitrary operating system commands on the host running the Cloud CLI application.

The vulnerability is addressed in version 1.24.0 of Cloud CLI. GitHub security advisory GHSA-7fv4-fmmc-86g2, the associated patch commit (86c33c1c0cb34176725a38f46960213714fc3e04), and the v1.24.0 release notes detail the fix, recommending immediate upgrades for affected installations.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed…

more

to child_process.exec(). The input is placed within double quotes and only " is escaped, but backticks (`), $() command substitution, and \ sequences are all interpreted within double-quoted strings in bash. This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint. This vulnerability is fixed in 1.24.0.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: claude, gemini

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection in network-accessible API endpoint (/api/user/git-config) directly enables remote exploitation of a public-facing application (T1190) and arbitrary Unix shell command execution via Bash features like $() and backticks (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31975Same product: Cloudcli Cloud Cli
CVE-2026-31862Same product: Cloudcli Cloud Cli
CVE-2026-26830Shared CWE-94
CVE-2024-54804Shared CWE-94
CVE-2025-67038Shared CWE-94
CVE-2024-54806Shared CWE-94
CVE-2024-36057Shared CWE-94
CVE-2026-25001Shared CWE-94
CVE-2025-26003Shared CWE-94
CVE-2024-23921Shared CWE-94

Affected Assets

cloudcli
cloud cli
≤ 1.24.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2026-31861 by requiring timely patching to version 1.24.0, which fixes the unsafe shell command interpolation in the git-config endpoint.

prevent

Prevents command injection by validating user-supplied gitName and gitEmail inputs against expected formats, blocking shell metacharacters like backticks and $() before execution via child_process.exec().

prevent

Identifies the command injection vulnerability in Cloud CLI through vulnerability scanning, enabling remediation before exploitation by authenticated attackers.

References