Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-g3xq-3gmv-qq8g | claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh |
Tue, 02 Jun 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:cnighswonger:claude-code-cache-fix:*:*:*:*:*:*:*:* | |
| Metrics |
cvssV3_1
|
Tue, 02 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cnighswonger
Cnighswonger claude-code-cache-fix |
|
| Vendors & Products |
Cnighswonger
Cnighswonger claude-code-cache-fix |
Wed, 27 May 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user's Claude Code process. This vulnerability is fixed in 3.5.2. | |
| Title | claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh | |
| Weaknesses | CWE-78 CWE-94 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-02T16:07:20.540Z
Reserved: 2026-05-08T20:08:17.210Z
Link: CVE-2026-45136
Updated: 2026-06-02T16:03:38.175Z
Status : Analyzed
Published: 2026-05-27T21:16:18.523
Modified: 2026-06-17T10:51:42.040
Link: CVE-2026-45136
No data.
OpenCVE Enrichment
Updated: 2026-05-29T15:49:51Z
Github GHSA