CVE-2026-31862
Published: 11 March 2026
Summary
CVE-2026-31862 is a critical-severity OS Command Injection (CWE-78) vulnerability in Cloudcli Cloud Cli. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as APIs and Models.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of user-controlled parameters (file, branch, message, commit) prior to string interpolation in execAsync calls, directly preventing OS command injection in Git-related API endpoints.
Mandates timely identification, reporting, and correction of flaws like this command injection vulnerability, as evidenced by the patch in version 1.24.0.
Enforces least privilege on the Cloud CLI process executing execAsync, limiting the scope and impact of arbitrary commands injected by high-privilege authenticated attackers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in network-accessible Git API endpoints directly enables remote arbitrary command execution (T1059) via exploitation of a vulnerable application (T1190).
NVD Description
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing…
more
authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.
Deeper analysisAI
CVE-2026-31862 is an OS command injection vulnerability (CWE-78) in Cloud CLI, also known as Claude Code UI, a desktop and mobile user interface for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Published on 2026-03-11, it affects versions prior to 1.24.0, where multiple Git-related API endpoints invoke execAsync() using string interpolation of user-controlled parameters including file, branch, message, and commit names. This flaw enables attackers to inject and execute arbitrary operating system commands.
The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating exploitation is possible over the network with low complexity, no user interaction, and high privileges required, but with a changed scope leading to high impacts on confidentiality, integrity, and availability. Authenticated attackers with sufficient privileges can supply malicious payloads via the affected parameters to the API endpoints, achieving remote arbitrary command execution on the host system running the UI.
The issue is addressed in Cloud CLI version 1.24.0. Official mitigation involves updating to this patched release, as detailed in the GitHub security advisory (GHSA-f2fc-vc88-6w7q) and release notes (v1.24.0).
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: claude, claude, gemini