CVE-2026-47091— Claude HUD 0.0.12 Path Traversal via transcript_path

CVSS 3.3 · Low EPSS 0.01% · P1 Updated May 19, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

Vendor	Product	Version Range	Status
jarrodwatts	claude-hud	`≤ 0.0.12`	affected
		`234d9aad919b51326a43bcf90b45ae35c23afc30`	unaffected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-47091

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Claude HUD 0.0.12 Path Traversal via transcript_path

Source: NVD (National Vulnerability Database)

Vulnerability Description

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a persistent cache file with insufficient permissions, creating a forensic record of accessed paths that survives process exit.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Claude HUD 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Claude HUD是Jarrod Watts个人开发者的一个显示上下文使用、工具状态和进度的Claude Code插件。 Claude HUD 0.0.12及之前版本存在路径遍历漏洞，该漏洞源于路径遍历问题，可能导致攻击者通过stdin JSON提供未验证的transcript_path值读取任意文件。攻击者可以访问进程可读的任何文件，文件元数据被写入权限不足的持久缓存文件，创建访问路径的法医记录。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
jarrodwatts	claude-hud	0 ~ 0.0.12	-

II. Public POCs for CVE-2026-47091

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-47091

请登录查看更多情报信息。

Patches & Fixes for CVE-2026-47091 (2)

Vendor Advisories for CVE-2026-47091 (1)

Claude HUD 0.0.12 Path Traversal via transcript_path | Advisories | VulnCheckthird-party-advisory

Other References for CVE-2026-47091 (1)

Security Vulnerabilities · Issue #485 · jarrodwatts/claude-hudtechnical-description

https://nvd.nist.gov/vuln/detail/CVE-2026-47091

Same Patch Batch · jarrodwatts · 2026-05-18 · 3 CVEs total

CVE-2026-47092	7.8 HIGH	Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC Environment Variable
CVE-2026-47090	4.6 MEDIUM	Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks

IV. Related Vulnerabilities

Same product: claude-hud

Same vendor: jarrodwatts

Same weakness: CWE-22

V. Comments for CVE-2026-47091

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-47091— Claude HUD 0.0.12 Path Traversal via transcript_path

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

I. Basic Information for CVE-2026-47091

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-47091

III. Intelligence Information for CVE-2026-47091

Patches & Fixes for CVE-2026-47091 (2)

Vendor Advisories for CVE-2026-47091 (1)

Other References for CVE-2026-47091 (1)

Same Patch Batch · jarrodwatts · 2026-05-18 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-47091

Leave a comment