write-ups RCE in Github Desktop <v2.9.4 RCE via gh run download (GitHub CLI) Claude Code: unsandboxed code execution from prompt injection via .git worktree confusion — CVE-2026-55607