What is CVE-2026-31862?

CVE-2026-31862 is a critical-severity vulnerability in Siteboon Claudecodeui, classified under OS Command Injection. CVSS score: 9.1/10. Published 2026-03-11.

How severe is CVE-2026-31862?

Critical severity. CVSS v3 base score is 9.1 out of 10.

RCE in Siteboon Claudecodeui

CVE-2026-31862

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (24.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Siteboon Claudecodeui — versions < 1.24.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

https://github.com/siteboon/claudecodeui/security/advisories/GHSA-f2fc-vc88-6w7q (x_refsource_CONFIRM)
https://github.com/siteboon/claudecodeui/releases/tag/v1.24.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-31862?: CVE-2026-31862 is a critical-severity vulnerability in Siteboon Claudecodeui, classified under OS Command Injection. CVSS score: 9.1/10. Published 2026-03-11.
How severe is CVE-2026-31862?: Critical severity. CVSS v3 base score is 9.1 out of 10.