CVE-2026-47091 – Claude HUD 0.0.12 Path Traversal via transcript_path

CVE ID :CVE-2026-47091

Published : May 18, 2026, 8:16 p.m. | 41 minutes ago

Description :Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a persistent cache file with insufficient permissions, creating a forensic record of accessed paths that survives process exit.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-30950 – AutoGPT has Authenticated Session Hijacking via IDOR

CVE-2026-27964 – FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

CVE-2026-27892 – FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

CVE-2026-27891 – Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism