Vulnerabilities/

@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

Severity:: High

Description

Download: cve_claudecodeui_submission_v2.zip

Recommendation

Update the @siteboon/claude-code-ui package to the latest compatible version. Followings are version details:

Affected version(s): <= 1.24.0
Patched version(s): 1.25.0

References

Related Issues

@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes - CVE-2026-31861
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API - CVE-2026-25895
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule - CVE-2025-67750
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL - CVE-2026-31871

Tags:: npm; @siteboon/claude-code-ui

Anything's wrong? Let us know Last updated on March 11, 2026