Cyber Resilience

CVE-2026-31862

CriticalRCE

Published: 11 March 2026

Published
11 March 2026
Modified
17 March 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0044 34.8th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-31862 is a critical-severity OS Command Injection (CWE-78) vulnerability in Cloudcli Cloud Cli. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31862 is an OS command injection vulnerability (CWE-78) in Cloud CLI, also known as Claude Code UI, a desktop and mobile user interface for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Published on 2026-03-11, it affects versions prior to 1.24.0, where multiple Git-related API endpoints invoke execAsync() using string interpolation of user-controlled parameters including file, branch, message, and commit names. This flaw enables attackers to inject and execute arbitrary operating system commands.

The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating exploitation is possible over the network with low complexity, no user interaction, and high privileges required, but with a changed scope leading to high impacts on confidentiality, integrity, and availability. Authenticated attackers with sufficient privileges can supply malicious payloads via the affected parameters to the API endpoints, achieving remote arbitrary command execution on the host system running the UI.

The issue is addressed in Cloud CLI version 1.24.0. Official mitigation involves updating to this patched release, as detailed in the GitHub security advisory (GHSA-f2fc-vc88-6w7q) and release notes (v1.24.0).

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing…

more

authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: claude, gemini

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in network-accessible Git API endpoints directly enables remote arbitrary command execution (T1059) via exploitation of a vulnerable application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31975Same product: Cloudcli Cloud Cli
CVE-2026-31861Same product: Cloudcli Cloud Cli
CVE-2025-31692Shared CWE-78
CVE-2025-54795Shared CWE-78
CVE-2026-28470Shared CWE-78
CVE-2025-69269Shared CWE-78
CVE-2025-24971Shared CWE-78
CVE-2025-64755Shared CWE-78
CVE-2026-22553Shared CWE-78
CVE-2026-22901Shared CWE-78

Affected Assets

cloudcli
cloud cli
≤ 1.24.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of user-controlled parameters (file, branch, message, commit) prior to string interpolation in execAsync calls, directly preventing OS command injection in Git-related API endpoints.

prevent

Mandates timely identification, reporting, and correction of flaws like this command injection vulnerability, as evidenced by the patch in version 1.24.0.

prevent

Enforces least privilege on the Cloud CLI process executing execAsync, limiting the scope and impact of arbitrary commands injected by high-privilege authenticated attackers.

References