PT-2026-41732 · Unknown · Claude-Hud

Katriel Moses · Published 2026-05-18 · Updated 2026-05-19

CVE-2026-47092

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Claude HUD versions 0.0.0 through 0.0.12

Description

Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software performs its version check, the execFile() function executes the attacker-supplied executable with cmd.exe arguments, leading to arbitrary code execution.

Recommendations

Update to the version containing commit 234d9aa.
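The pattern in the description next to one way to harden it, as an added example (not Claude HUD's code and not the contents of commit 234d9aa). The function names, the cmd.exe flags, the tool-name argument and the fixed `C:\Windows\System32\cmd.exe` path are assumptions.

```javascript
// Added example, not Claude HUD's code. Names, flags and paths are assumptions.
const { execFile } = require('node:child_process');
const win = require('node:path').win32; // Windows path rules on any host OS

// Assumption: Windows is installed on C:. The path is hard-coded so that no
// environment variable (COMSPEC, SystemRoot, PATH) chooses the binary.
const TRUSTED_CMD = 'C:\\Windows\\System32\\cmd.exe';

// Vulnerable pattern from the description: COMSPEC decides what execFile runs.
function vulnerableInvocation(env, tool) {
  return { file: env.COMSPEC || 'cmd.exe', args: ['/d', '/c', tool, '--version'] };
}

// True when COMSPEC is set but does not normalise to the trusted interpreter.
function comspecTampered(env) {
  if (!env.COMSPEC) return false;
  return win.normalize(env.COMSPEC).toLowerCase() !== TRUSTED_CMD.toLowerCase();
}

// Hardened form: COMSPEC is never used as the executable, only reported on.
function hardenedInvocation(env, tool) {
  // Keep cmd.exe metacharacters (&, |, ^, quotes, spaces) out of the command.
  if (!/^[A-Za-z0-9._-]+$/.test(tool)) throw new Error('unexpected tool name');
  return {
    file: TRUSTED_CMD,
    args: ['/d', '/c', tool, '--version'],
    tampered: comspecTampered(env),
  };
}

// Runs the version check on Windows; a tampered COMSPEC is logged for triage.
function runVersionCheck(tool, callback) {
  const inv = hardenedInvocation(process.env, tool);
  if (inv.tampered) console.warn('COMSPEC does not point at System32\\cmd.exe; ignored');
  return execFile(inv.file, inv.args, { windowsHide: true }, callback);
}
```

The `tampered` flag is worth logging rather than discarding: a COMSPEC value outside System32 on a workstation is a useful detection signal in its own right.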

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2026-47092

Affected Products

Claude-Hud