CVE-2026-47092
- EPSS 0.51%
- Veröffentlicht 18.05.2026 20:16:40
- Zuletzt bearbeitet 02.06.2026 19:08:13
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary bin...
CVE-2026-47090
- EPSS 0.1%
- Veröffentlicht 18.05.2026 20:16:39
- Zuletzt bearbeitet 02.06.2026 19:09:33
Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANS...
CVE-2026-47091
- EPSS 0.13%
- Veröffentlicht 18.05.2026 20:16:39
- Zuletzt bearbeitet 02.06.2026 19:09:39
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by th...