Vulnerabilities

Report: CVE-2026-47090 - Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks - Complete Guide

2026-05-19 0 views admin
Report: CVE-2026-47090 - Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks - Complete Guide

CVE ID :CVE-2026-47090 Published : May 18, 2026, 8:16 p.m. | 1 hour, 17 minutes ago Description :Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can embed ESC+backslash sequences in the current working directory or branch URL to execute malicious ANSI codes including text color changes, forged prompts, and OSC 52 clipboard writes, or trigger outbound HTTP requests to attacker-controlled remotes when hyperlinks are clicked. Severity: 4.6 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
May 18, 2026

🏷️ Tags

report47090claudeterminalinjectionhyperlinkscompleteguidecvecve-2026-47090

More from Vulnerabilities

Report: CVE-2026-29518 - Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Report: CVE-2026-29518 - Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

2026-05-20 0
Report: CVE-2026-3593 - Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation - Full Analysis

Report: CVE-2026-3593 - Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation - Full Analysis

2026-05-20 0
Report: Ultimate Guide: CVE-2026-3592 - Amplification vulnerabilities via self-pointed glue records

Report: Ultimate Guide: CVE-2026-3592 - Amplification vulnerabilities via self-pointed glue records

2026-05-20 0
Report: Ultimate Guide: CVE-2026-3039 - BIND 9 server memory exhaustion during GSS-API TKEY negotiation

Report: Ultimate Guide: CVE-2026-3039 - BIND 9 server memory exhaustion during GSS-API TKEY negotiation

2026-05-20 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views