PatchSiren cyber security CVE debrief

CVE-2026-47091 jarrodwatts CVE debrief

A path traversal vulnerability in Claude HUD through version 0.0.12 allows local attackers with low privileges to read arbitrary files readable by the process. The vulnerability stems from insufficient validation of the `transcript_path` parameter supplied via stdin JSON. Additionally, accessed file metadata is written to a persistent cache file with overly permissive permissions, creating a forensic record that survives process termination. The issue was patched in commit 234d9aa. The CVSS 4.0 vector indicates local attack vector, low attack complexity, low privileges required, and no user interaction needed, with low confidentiality impact.

Vendor: jarrodwatts
Product: claude-hud
CVSS: MEDIUM 4.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-18
Original CVE updated: 2026-05-18
Advisory published: 2026-05-18
Advisory updated: 2026-05-18

Who should care

Organizations and developers using Claude HUD for AI-assisted development workflows, particularly in multi-user or shared environments where process file system permissions may expose sensitive configuration files, credentials, or source code. Security teams should prioritize patching in development environments where Claude HUD processes may have elevated file access.

Technical summary

The vulnerability exists in Claude HUD versions through 0.0.12 where the `transcript_path` parameter from stdin JSON is not properly validated before use in file operations. This allows path traversal sequences to access files outside intended directories. The application also writes file metadata to a persistent cache with insufficient permission restrictions, preserving evidence of file access even after process termination. The attack requires local access and low privileges but no user interaction.

Defensive priority

medium

Recommended defensive actions

  • Upgrade Claude HUD to version 0.0.13 or later containing commit 234d9aa
  • Review and restrict file system permissions for the Claude HUD process to minimize accessible files
  • Audit and remove any existing cache files that may contain forensic records of prior file access
  • Implement input validation for all JSON parameters received via stdin, particularly path-related fields
  • Consider sandboxing or containerizing Claude HUD to limit filesystem exposure
  • Monitor for anomalous file access patterns in environments running unpatched versions
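The two weaknesses the summary describes, an unvalidated `transcript_path` taken from stdin JSON and a cache file created with overly permissive permissions, map to two defensive checks. The following is an added example written for this debrief, not code from the claude-hud project: it confines the supplied path to an assumed allowed directory and writes cache metadata with owner-only permissions. The `HookInput` shape, the allowed-root argument and the cache layout are assumptions.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// Shape of the stdin JSON this example expects. Only the field the advisory
// names, transcript_path, is modelled; the real schema is not on the page.
export interface HookInput {
  transcript_path?: unknown;
}

// True when `candidate` is `root` itself or lies inside it. Splitting on the
// separator avoids rejecting legitimate names that merely begin with "..".
export function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  return !path.isAbsolute(rel) && rel.split(path.sep)[0] !== "..";
}

// Canonicalise a path when it exists on disk; otherwise keep the lexical form.
function realOrLexical(p: string): string {
  try { return fs.realpathSync(p); } catch { return p; }
}

// Validate transcript_path from the parsed stdin JSON. Returns the absolute
// path to open, or null when the value is missing, not a string, contains a
// NUL byte, or resolves (lexically or via symlink) outside `allowedRoot`.
export function resolveTranscriptPath(input: HookInput, allowedRoot: string): string | null {
  const raw = input.transcript_path;
  if (typeof raw !== "string" || raw.length === 0 || raw.includes("\0")) return null;
  const root = realOrLexical(path.resolve(allowedRoot)); // canonical root
  const resolved = path.resolve(root, raw); // collapses "." and ".." segments
  if (!isInside(root, resolved)) return null;
  // A symlink inside the root may still point elsewhere; compare canonical forms.
  const real = realOrLexical(resolved);
  return isInside(root, real) ? real : null;
}

// Persist cache metadata with owner-only permissions (the advisory reports the
// original cache file was created with overly permissive permissions).
// Returns the permission bits actually applied so callers can verify them.
export function writeCacheEntry(cacheDir: string, name: string, entry: object): number {
  fs.mkdirSync(cacheDir, { recursive: true, mode: 0o700 });
  const file = path.join(cacheDir, path.basename(name)); // strip any directory part of `name`
  fs.writeFileSync(file, JSON.stringify(entry), { mode: 0o600, flag: "w" });
  fs.chmodSync(file, 0o600); // `mode` above is umask-masked and ignored if the file existed
  return fs.statSync(file).mode & 0o777;
}
```

Absolute paths that reach the allowed root through a symlinked prefix are rejected by the lexical check even though they are legitimate; that strictness is intentional and can be relaxed by canonicalising the parent directory first.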

Evidence notes

Vulnerability disclosed via Vulncheck advisory with references to GitHub commit, issue, and pull request. Patch commit 234d9aad919b51326a43bcf90b45ae35c23afc30 confirms remediation. CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) identified as primary weakness.