RCE in Siteboon Claudecodeui

CVE-2026-31861

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (24.2th percentile) — read the EPSS interpretation.

Affected products

Siteboon Claudecodeui — versions < 1.24.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/siteboon/claudecodeui/security/advisories/GHSA-7fv4-fmmc-86g2 (x_refsource_CONFIRM)
https://github.com/siteboon/claudecodeui/commit/86c33c1c0cb34176725a38f46960213714fc3e04 (x_refsource_MISC)
https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0 (x_refsource_MISC)