CVE-2026-47092
HIGH EPSS 39.6%
Published May 18, 20261mo ago · Modified Jun 17, 20261w ago
7.3 CVSS 4.0
Published May 18, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version check, causing execFile() to execute the attacker-supplied executable with cmd.exe arguments, resulting in arbitrary code execution on Windows systems.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
39.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-427
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| jarrodwatts | claude_hud | * | ≤0.0.12 |
References 4
- github.com https://github.com/jarrodwatts/claude-hud/commit/234d9aad919b51326a43bcf90b45ae35c23afc30
- github.com https://github.com/jarrodwatts/claude-hud/issues/485
- github.com https://github.com/jarrodwatts/claude-hud/pull/487
- vulncheck.com https://www.vulncheck.com/advisories/claude-hud-arbitrary-command-execution-via-comspec-environment-variable
Remediation
- github.com https://github.com/jarrodwatts/claude-hud/commit/234d9aad919b51326a43bcf90b45ae35c23afc30
- github.com https://github.com/jarrodwatts/claude-hud/pull/487