CVE-2026-31862 is an OS command injection vulnerability classified under CWE-78, discovered in siteboon's Cloud CLI (Claude Code UI) prior to version 1.24.0. The vulnerability stems from the use of the execAsync() function with string interpolation of user-controlled parameters such as file names, branch names, commit messages, and commit identifiers within multiple Git-related API endpoints. Because these parameters are not properly sanitized or neutralized, an authenticated attacker can inject malicious shell commands that the application executes on the underlying operating system. This can lead to arbitrary command execution with the privileges of the Cloud CLI process, potentially allowing attackers to read, modify, or delete sensitive data, disrupt services, or pivot within the network. The vulnerability affects both desktop and mobile versions of the UI, which serve as frontends to various CLIs including Claude Code, Cursor CLI, Codex, and Gemini-CLI. The flaw was publicly disclosed on March 11, 2026, with a CVSS v3.1 base score of 9.1, reflecting its critical impact and ease of exploitation given that only authentication is required and no additional user interaction is needed. The issue was addressed in version 1.24.0 by properly sanitizing inputs and avoiding unsafe string interpolation in execAsync() calls. While no active exploits have been reported, the vulnerability poses a significant risk to organizations using affected versions in their development pipelines.

The impact of CVE-2026-31862 is severe for organizations using siteboon's Cloud CLI versions prior to 1.24.0. Successful exploitation allows authenticated attackers to execute arbitrary OS commands, potentially leading to full system compromise. This can result in unauthorized access to sensitive source code, leakage of intellectual property, disruption of development workflows, and potential lateral movement within corporate networks. The integrity of code repositories and build environments can be undermined, risking the introduction of malicious code or backdoors. Availability may also be affected if attackers delete or corrupt critical files or services. Given the CLI's role in software development and deployment, such compromise could cascade into production environments, amplifying damage. The vulnerability's high CVSS score reflects the broad scope of impact on confidentiality, integrity, and availability, combined with the low attack complexity and lack of need for user interaction beyond authentication.

Organizations should immediately upgrade all instances of siteboon's Cloud CLI (Claude Code UI) to version 1.24.0 or later, where the vulnerability is fixed. Until upgrades can be applied, restrict access to the affected API endpoints to trusted users only and monitor logs for suspicious command execution patterns. Implement strict input validation and sanitization on any user-supplied parameters passed to system commands, avoiding unsafe string interpolation in code. Employ the principle of least privilege by running the Cloud CLI processes with minimal permissions to limit the impact of potential exploitation. Network segmentation can help contain any compromise. Additionally, conduct thorough audits of development environments and repositories for signs of unauthorized changes. Security teams should update detection rules to identify attempts to exploit this vulnerability and educate developers and administrators about the risks of command injection in CLI tools.