## Cloudflare wrangler CLI Vulnerability: OS Command Injection Patched in Pages Deploy After CVE-2026-0933 Disclosure
Cloudflare has patched a critical OS command injection vulnerability in wrangler, the official command-line tool for deploying Cloudflare Workers and Pages projects. The flaw, catalogued as CVE-2026-0933 and tracked as GHSA-36p8-mvp6-cv38, resides in the `wrangler pages deploy` command and affects versions up through 4.45.0. The security update brings wrangler to version 4.59.1, a significant version jump that suggests substantial code-level remediation was required to close the injection vector.

wrangler serves as the primary interface for developers managing serverless functions and static sites on Cloudflare's global edge network. The vulnerability enables arbitrary OS command execution through malicious input processed during the pages deployment workflow, posing acute risk in automated build and deployment pipelines where wrangler handles untrusted or user-supplied values. Security advisories confirm the flaw is tied to improper handling of external input passed through the deployment command, making it particularly dangerous in CI/CD environments.

Developers and DevOps teams using Cloudflare's developer platform should immediately verify that all instances of wrangler—whether in local development environments, CI/CD pipelines, or production automation scripts—are updated to v4.59.1 or later. Organizations running automated deployments through GitHub Actions, GitLab CI, or similar platforms should audit their workflow configurations to confirm the patched version is in use. The timing of the disclosure, paired with the severity of command injection flaws, raises pressure for rapid remediation across the Cloudflare developer ecosystem.
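One way to run the version check described above, as an added example rather than code from Cloudflare or the original article: it audits a `package-lock.json` and CI workflow text for wrangler pins below 4.59.1. The function names are hypothetical and the sample lockfile and workflow are constructed; `wranglerVersion` is the version input of `cloudflare/wrangler-action`.

```javascript
// Added example: flag wrangler installs and CI pins below the patched release.
const PATCHED = [4, 59, 1]; // article: update to v4.59.1 or later

// Returns "ok", "below-patched", or "unresolved" (tags/ranges such as "latest" or "^4.45.0").
function classify(versionText) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(versionText).trim());
  if (!m) return "unresolved";
  const v = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] < PATCHED[i] ? "below-patched" : "ok";
  }
  return "ok";
}

// package-lock.json (lockfileVersion 2 or 3): every installed copy, nested ones included.
function auditLockfile(lockText) {
  const packages = JSON.parse(lockText).packages || {};
  return Object.entries(packages)
    .filter(([path]) => /(^|\/)node_modules\/wrangler$/.test(path))
    .map(([path, meta]) => ({ where: path, version: meta.version, status: classify(meta.version) }));
}

// Workflow text: `wrangler@<version>` in run steps and the wrangler-action `wranglerVersion` input.
function auditWorkflow(yamlText) {
  const re = /wrangler@([^\s"']+)|wranglerVersion:\s*["']?([^\s"'#]+)/g;
  const findings = [];
  yamlText.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(re)) {
      const version = m[1] || m[2];
      findings.push({ where: `line ${i + 1}`, version, status: classify(version) });
    }
  });
  return findings;
}

// Constructed sample inputs (not taken from any real project).
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "site" },
    "node_modules/wrangler": { version: "4.59.1" },
    "node_modules/legacy-tool/node_modules/wrangler": { version: "4.45.0" },
  },
});
const SAMPLE_WORKFLOW = [
  "steps:",
  "  - run: npx wrangler@4.45.0 pages deploy ./dist",
  "  - uses: cloudflare/wrangler-action@v3",
  "    with:",
  '      wranglerVersion: "4.59.1"',
  "  - run: npx wrangler@latest pages deploy ./dist",
].join("\n");

console.log(auditLockfile(SAMPLE_LOCK), auditWorkflow(SAMPLE_WORKFLOW));
```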

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cloudflare, wrangler, os-command-injection, cve-2026-0933, security-patch
- **Credibility**: unverified
- **Published**: 2026-05-02 19:54:07
- **ID**: 79040
- **URL**: https://whisperx.ai/en/intel/79040