Description
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution. A secondary injection vector exists via unsanitized sessionId. This vulnerability is fixed in 1.25.0.
Published: 2026-03-11
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An OS command injection vulnerability exists in the Cloud CLI (Claude Code UI) application before version 1.25.0. The server component builds a bash command string by directly inserting the WebSocket message fields projectPath and initialCommand, without sanitizing user input. An attacker able to send crafted WebSocket messages can execute arbitrary shell commands on the server, leading to full compromise of the host. Additionally, the sessionId field is unsanitized, providing a secondary injection vector that can also be leveraged by an attacker.

Affected Systems

All deployments of the Siteboon Claude Code UI (Cloud CLI) desktop and mobile client earlier than version 1.25.0 are affected. The flaw resides in the server/index.js module that processes WebSocket shell requests, meaning any instance exposing this endpoint to a network can be compromised.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.7, indicating high severity, while the EPSS score is below 1%, suggesting a currently low exploitation probability. It is not listed in the CISA KEV catalog. Exploitation requires network access to the Cloud CLI server and the ability to send WebSocket shell messages; given the unsanitized fields, a remote attacker could gain full system control. The issue was fixed in version 1.25.0, eliminating both the primary and secondary injection vectors.

Generated by OpenCVE AI on March 20, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Cloud CLI application to version 1.25.0 or later on all affected installations.
  • Verify that the upgrade has been applied consistently across all servers running the CLI.
  • If an upgrade cannot be performed immediately, restrict access to the WebSocket shell endpoint to trusted users only or disable the endpoint entirely.
  • Consider adding input validation or sanitizing the sessionId field as an interim mitigation measure.


Advisories

Source: GitHub GHSA
ID: GHSA-gv8f-wpm2-m5wr
Title: @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

History

Fri, 20 Mar 2026 16:30:00 +0000
Values Added:
  First Time appeared: Cloudcli; Cloudcli cloud Cli
  CPEs: cpe:2.3:a:cloudcli:cloud_cli:*:*:*:*:*:*:*:*
  Vendors & Products: Cloudcli; Cloudcli cloud Cli
  Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 12 Mar 2026 14:15:00 +0000
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 10:15:00 +0000
Values Added:
  First Time appeared: Siteboon; Siteboon claudecodeui
  Vendors & Products: Siteboon; Siteboon claudecodeui

Wed, 11 Mar 2026 17:45:00 +0000
Values Added:
  Description: Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution. A secondary injection vector exists via unsanitized sessionId. This vulnerability is fixed in 1.25.0.
  Title: Cloud CLI WebSocket shell injection
  Weaknesses: CWE-78
  References:
  Metrics: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T14:05:01.389Z

Reserved: 2026-03-10T15:40:10.487Z

Link: CVE-2026-31975

Vulnrichment

Updated: 2026-03-12T14:04:49.696Z

NVD

Status: Analyzed

Published: 2026-03-11T18:16:27.177

Modified: 2026-03-20T16:17:49.403

Link: CVE-2026-31975

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:55:20Z

Weaknesses