Python Execution Vulnerability in Claude Code Cache Optimization Proxy
CVE-2026-45136

8.6HIGH

Key Information:

Vendor

Cnighswonger

Status
Claude-code-cache-fix
Vendor
CVE Published:
27 May 2026

What is CVE-2026-45136?

The latest vulnerability in the claude-code-cache-fix cache optimization proxy allows for potential execution of arbitrary Python code due to improper handling of user input in specific fields. In versions 3.5.0 to just before 3.5.2, the integration of user-supplied payloads into a Python string literal enables attackers to close the literal prematurely using a ''' byte sequence. This error facilitates the execution of subsequent bytes as Python instructions within the user's Claude Code environment, posing a significant security risk. The issue has been addressed in version 3.5.2.

Affected Version(s)

claude-code-cache-fix >= 3.5.0, < 3.5.2

References

https://github.com/cnighswonger/claude-code-cache-fix/sec...
x_refsource_CONFIRM
https://github.com/cnighswonger/claude-code-cache-fix/iss...
x_refsource_MISC
https://github.com/cnighswonger/claude-code-cache-fix/pul...
x_refsource_MISC

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.