CVE-2026-45136 cnighswonger CVE debrief

Who should care

Organizations and individual developers using claude-code-cache-fix versions 3.5.0 or 3.5.1 as a cache optimization proxy for Claude Code. Security teams responsible for supply chain security of AI coding assistants and their supporting infrastructure. Developers maintaining forked or customized versions of the tool.

Technical summary

The vulnerability stems from improper input validation when constructing Python code dynamically. The tools/quota-statusline.sh script takes untrusted input from Claude Code's hook stdin and embeds it directly into a triple-quoted Python string literal. The triple-quote delimiter (''') serves as both the injection point and execution trigger—when present in user input, it terminates the intended string context and shifts the parser into executable Python code context. This is a classic injection pattern where metacharacters intended for data delimitation are not escaped or parameterized, allowing context boundary violation.

Defensive priority

HIGH

Recommended defensive actions

• Upgrade claude-code-cache-fix to version 3.5.2 or later
• Review any custom hook configurations for suspicious ''' sequences in payload data
• Audit Claude Code process logs for unexpected Python execution patterns
• Validate input sanitization in any locally modified versions of tools/quota-statusline.sh

Evidence notes

Vulnerability affects versions 3.5.0 to before 3.5.2. Attack vector requires local access with no privileges required and no user interaction. CVSS 4.0 vector indicates high impact to confidentiality and integrity, low impact to availability.

Official resources