CVE-2026-31975 affects the siteboon Cloud CLI (claudecodeui), a desktop and mobile interface for interacting with Claude Code, Cursor CLI, Codex, and Gemini-CLI. The vulnerability is an OS command injection (CWE-78) caused by improper neutralization of special elements in user inputs. Specifically, the server component (server/index.js) takes the projectPath and initialCommand parameters from WebSocket message payloads and directly interpolates them into bash command strings without any sanitization or validation. Additionally, the sessionId parameter is also unsanitized and can serve as a secondary injection vector. This allows an attacker who can send crafted WebSocket messages to execute arbitrary operating system commands with the privileges of the server process. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk. The CVSS 4.0 base score is 8.7 (high), reflecting network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability was publicly disclosed on March 11, 2026, and fixed in version 1.25.0 of claudecodeui. No known exploits in the wild have been reported yet.

Successful exploitation of this vulnerability can lead to full system compromise of the host running the vulnerable claudecodeui server component. Attackers can execute arbitrary commands, potentially leading to unauthorized data access, data modification or destruction, installation of malware or backdoors, lateral movement within networks, and disruption of services. Because the vulnerability is remotely exploitable without authentication, attackers can target exposed instances directly over the network. This poses a significant risk to organizations using claudecodeui in development, testing, or production environments, especially if these systems have elevated privileges or access to sensitive resources. The impact extends to confidentiality, integrity, and availability of affected systems and data.

Organizations should immediately upgrade claudecodeui to version 1.25.0 or later, where the vulnerability is patched. If upgrading is not immediately possible, restrict network access to the WebSocket server component using firewalls or network segmentation to limit exposure to trusted users only. Implement WebSocket message validation and input sanitization at the application level to prevent injection of malicious commands. Employ the principle of least privilege for the service running claudecodeui to minimize potential damage from exploitation. Monitor logs and network traffic for suspicious WebSocket activity indicative of exploitation attempts. Consider deploying runtime application self-protection (RASP) or host-based intrusion detection systems (HIDS) to detect and block command injection attempts. Finally, conduct security reviews and code audits for similar injection vulnerabilities in related components.