PT-2026-24693 · Npm+3 · @Siteboon/Claude-Code-Ui+2

Dhiyaneshgeek +2 · Published 2026-03-11 · Updated 2026-03-19 · CVE-2026-31975

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cloud CLI (aka Claude Code UI) versions prior to 1.25.0

Description: Cloud CLI, a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI, contains an OS command injection flaw in its WebSocket shell endpoint. The projectPath and initialCommand parameters handled in server/index.js are interpolated directly into a bash command string without sanitization, so an attacker can execute arbitrary OS commands; projectPath can also break out of its surrounding double quotes to append further commands, and the unsanitized sessionId is an additional injection point. Reaching the shell endpoint does not require valid credentials: the server ships with an insecure default JWT secret, so anyone can forge a token, and the WebSocket authentication function accepts that token without checking that the user it names exists in the database. Together these give unauthenticated remote code execution on any instance running with the default configuration, with full OS command execution, file system access, credential theft, and potential lateral movement within the network.

Recommendations: Update versions prior to 1.25.0 to version 1.25.0 or later. Require an explicit JWT_SECRET environment variable at startup and remove the insecure default value. Add a database user existence check to the WebSocket authentication process. Replace shell string interpolation with a spawn argument array so that projectPath, initialCommand, and sessionId are never interpreted by a shell.

Tags: Exploit · Fix

Weakness Enumeration: Improper Authentication; OS Command Injection

Related Identifiers: CVE-2026-31975; GHSA-GV8F-WPM2-M5WR

Affected Products: @Siteboon/Claude-Code-Ui; Claudecodeui; Cloud Cli