Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version check, causing execFile() to execute the attacker-supplied executable with cmd.exe arguments, resulting in arbitrary code execution on Windows systems.
References
| Link | Resource |
|---|---|
| https://github.com/jarrodwatts/claude-hud/commit/234d9aad919b51326a43bcf90b45ae35c23afc30 | Patch |
| https://github.com/jarrodwatts/claude-hud/issues/485 | Issue Tracking |
| https://github.com/jarrodwatts/claude-hud/pull/487 | Issue Tracking Patch |
| https://www.vulncheck.com/advisories/claude-hud-arbitrary-command-execution-via-comspec-environment-variable | Third Party Advisory |
Configurations
History
02 Jun 2026, 19:08
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:jarrodwatts:claude_hud:*:*:*:*:*:claude_code:*:* | |
| First Time |
Jarrodwatts claude Hud
Jarrodwatts |
|
| References | () https://github.com/jarrodwatts/claude-hud/commit/234d9aad919b51326a43bcf90b45ae35c23afc30 - Patch | |
| References | () https://github.com/jarrodwatts/claude-hud/issues/485 - Issue Tracking | |
| References | () https://github.com/jarrodwatts/claude-hud/pull/487 - Issue Tracking, Patch | |
| References | () https://www.vulncheck.com/advisories/claude-hud-arbitrary-command-execution-via-comspec-environment-variable - Third Party Advisory |
18 May 2026, 20:19
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-18 20:16
Updated : 2026-06-02 19:08
NVD link : CVE-2026-47092
Mitre link : CVE-2026-47092
CVE.ORG link : CVE-2026-47092
JSON object : View
Products Affected
jarrodwatts
- claude_hud
CWE
CWE-427
Uncontrolled Search Path Element