PT-2026-41731 · Unknown · Claude-Hud
Katriel Moses · Published 2026-05-18 · Updated 2026-05-20
CVE-2026-47091
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Claude HUD versions 0.0.0 through 0.0.12
Description
A path traversal issue allows attackers to read arbitrary files by providing an unvalidated transcript path value via stdin JSON. This enables access to any file readable by the process. Additionally, file metadata is written to a persistent cache file with insufficient permissions, which creates a forensic record of the accessed paths that remains after the process exits.
Recommendations
Update to the version containing commit 234d9aa.
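For code that handles the same kind of input, the added example below shows one way to validate a transcript path taken from stdin JSON and to write the cache file with owner-only permissions. It is not Claude HUD's code and not the change in the referenced commit; the `transcript_path` field name, the allowed root directory and the function names are assumptions.

```javascript
// Added example: field name, directory layout and function names are assumptions.
const fs = require('node:fs');
const path = require('node:path');

// Return the canonical transcript path, or throw if it lies outside allowedRoot.
function resolveTranscriptPath(stdinText, allowedRoot) {
  const input = JSON.parse(stdinText);
  const raw = input.transcript_path; // assumed field name
  if (typeof raw !== 'string' || raw.length === 0 || raw.includes('\0')) {
    throw new Error('transcript_path missing or malformed');
  }
  // realpathSync resolves ".." segments and symlinks, so the containment
  // check runs on the file that would actually be opened.
  const root = fs.realpathSync(allowedRoot);
  const real = fs.realpathSync(path.resolve(root, raw));
  const rel = path.relative(root, real);
  const escapes = rel === '' || rel === '..' ||
    rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error('transcript_path escapes the allowed directory');
  }
  if (!fs.statSync(real).isFile()) {
    throw new Error('transcript_path is not a regular file');
  }
  return real;
}

// Write cache metadata readable and writable only by the owning user (0600).
function writeCache(cachePath, entry) {
  const tmp = `${cachePath}.${process.pid}.tmp`;
  // 'wx' refuses to reuse an existing temp file left by someone else.
  fs.writeFileSync(tmp, JSON.stringify(entry), { mode: 0o600, flag: 'wx' });
  fs.chmodSync(tmp, 0o600);      // umask can only narrow the mode; make it exact
  fs.renameSync(tmp, cachePath); // replaces any older file with wider permissions
}
```

The permission bits apply on POSIX systems; a caller should treat any thrown error as a reason to skip reading the transcript and writing the cache.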
Fix
Path traversal
Affected Products
Claude-Hud