{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/claude-code-cache-fix/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["claude-code-cache-fix"],"_cs_severities":["high"],"_cs_tags":["code-execution","injection","linux"],"_cs_type":"advisory","_cs_vendors":["cnighswonger"],"content_html":"\u003cp\u003eclaude-code-cache-fix versions 3.5.0 and 3.5.1 are vulnerable to local code execution via Python injection. The vulnerability lies in the \u003ccode\u003etools/quota-statusline.sh\u003c/code\u003e script, which is recommended in the v3.5.0 README for wiring into the \u003ccode\u003estatusLine\u003c/code\u003e configuration. The script directly interpolates Claude Code\u0026rsquo;s hook stdin payload into a Python triple-quoted string literal. By crafting a malicious directory name containing the sequence \u003ccode\u003e'''\u003c/code\u003e, an attacker can prematurely close the string literal and inject arbitrary Python code into the user\u0026rsquo;s Claude Code process. This code executes with the user\u0026rsquo;s privileges, allowing access to sensitive data and resources. 
The vulnerability was reported on 2026-05-07 and patched in version 3.5.2, released on the same day.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA malicious actor crafts a directory name containing the string \u003ccode\u003e'''\u003c/code\u003e followed by arbitrary Python code and another \u003ccode\u003e'''\u003c/code\u003e to close the string.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the hostile directory to the victim\u0026rsquo;s filesystem via any means (e.g., \u003ccode\u003egit clone\u003c/code\u003e, archive extraction, npm package installation, downloaded zip file).\u003c/li\u003e\n\u003cli\u003eThe victim has \u003ccode\u003etools/quota-statusline.sh\u003c/code\u003e configured as the \u003ccode\u003estatusLine\u003c/code\u003e hook in their Claude Code settings as recommended.\u003c/li\u003e\n\u003cli\u003eThe victim navigates into the directory containing the hostile path using the \u003ccode\u003ecd\u003c/code\u003e command in their shell. 
This can also occur if a project or workspace is opened from the hostile path.\u003c/li\u003e\n\u003cli\u003eClaude Code\u0026rsquo;s statusline hook is triggered upon every statusline redraw, which happens frequently.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003etools/quota-statusline.sh\u003c/code\u003e script executes, interpolating the user-controlled directory path into the Python command.\u003c/li\u003e\n\u003cli\u003eThe malicious payload injected via the directory name is executed as Python code within the context of the user\u0026rsquo;s Claude Code process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains local code execution with the privileges of the user running Claude Code, allowing them to access files, SSH keys, and other sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to local code execution with the privileges of the user running Claude Code. An attacker can gain access to the user\u0026rsquo;s files, SSH keys, and other sensitive credentials. This can lead to complete compromise of the user\u0026rsquo;s local environment and potentially lateral movement to other systems if credentials are reused. 
Users who followed the recommended setup instructions in the v3.5.0 README are particularly at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to claude-code-cache-fix version 3.5.2 or later to remediate CVE-2026-45136.\u003c/li\u003e\n\u003cli\u003eDisable the statusline by removing the \u003ccode\u003estatusLine\u003c/code\u003e entry from \u003ccode\u003e~/.claude/settings.json\u003c/code\u003e as a temporary workaround.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Python Code Injection via quota-statusline.sh (CVE-2026-45136)\u0026rdquo; to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T15:37:28Z","date_published":"2026-05-13T15:37:28Z","id":"https://feed.craftedsignal.io/briefs/2026-05-claude-code-exec/","summary":"A vulnerability exists in claude-code-cache-fix versions 3.5.0 and 3.5.1 where the `tools/quota-statusline.sh` script interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal, allowing local code execution via Python triple-quote injection (CVE-2026-45136).","title":"claude-code-cache-fix Local Code Execution via Python Injection (CVE-2026-45136)","url":"https://feed.craftedsignal.io/briefs/2026-05-claude-code-exec/"}],"language":"en","title":"CraftedSignal Threat Feed — Claude-Code-Cache-Fix","version":"https://jsonfeed.org/version/1.1"}