CVE-2026-31861 is a critical code injection vulnerability classified under CWE-94 affecting siteboon's Cloud CLI (Claude Code UI) product before version 1.24.0. The vulnerability exists in the /api/user/git-config REST API endpoint, which accepts user input parameters gitName and gitEmail. These inputs are directly interpolated into shell command strings executed by Node.js's child_process.exec() function. While the inputs are enclosed in double quotes and the double quote character is escaped, bash still processes command substitution syntax such as backticks (`), $(), and backslash sequences within double-quoted strings. This improper input sanitization allows an authenticated attacker to inject arbitrary shell commands that get executed with the privileges of the running process. The attack requires only authentication, no additional user interaction, and can be triggered remotely via the API. The vulnerability can lead to arbitrary code execution on the host system, potentially compromising confidentiality, integrity, and availability of the affected environment. The issue was publicly disclosed and assigned CVE-2026-31861 with a CVSS 4.0 score of 8.7 (high severity). The vendor fixed the vulnerability in version 1.24.0 by presumably correcting input handling and command construction. No known exploits are reported in the wild yet, but the ease of exploitation and impact make this a critical risk for organizations using affected versions of Cloud CLI.

The impact of CVE-2026-31861 is significant for organizations using siteboon's Cloud CLI (Claude Code UI) versions prior to 1.24.0. Successful exploitation allows authenticated attackers to execute arbitrary operating system commands with the privileges of the application process. This can lead to full system compromise, unauthorized data access or modification, lateral movement within networks, deployment of malware or ransomware, and disruption of services. Since the vulnerability is remotely exploitable via an API endpoint without user interaction, attackers can automate attacks at scale. Organizations relying on Cloud CLI for development workflows or automation may face severe operational and security consequences. The vulnerability also poses risks to supply chains if attackers leverage compromised systems to target downstream users. Given the high CVSS score and the nature of the flaw, the threat level is elevated, especially in environments where the Cloud CLI is exposed to untrusted networks or where authentication controls are weak.

To mitigate CVE-2026-31861, organizations should immediately upgrade siteboon's Cloud CLI (Claude Code UI) to version 1.24.0 or later, where the vulnerability is fixed. Until upgrading is possible, restrict access to the /api/user/git-config endpoint by implementing network-level controls such as firewalls or API gateways to limit exposure to trusted users only. Employ strong authentication mechanisms and monitor API usage for suspicious activity indicative of exploitation attempts. Review and harden the environment where Cloud CLI runs by applying the principle of least privilege to the application process, minimizing the impact of potential command execution. Additionally, consider implementing input validation and sanitization proxies or wrappers if feasible. Regularly audit logs and system behavior for anomalies. Finally, educate development and security teams about the risks of command injection and secure coding practices to prevent similar issues.