CVE-2026-35020 — OS Command Injection in Claude Agent SDK FOR Python

CWE-78 — OS Command Injection2 documents2 sources

Severity

8.6HIGHNVD

EPSS

0.1%

top 74.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anthropic Claude Agent SDK FOR Python Anthropic Claude Code

Timeline

PublishedApr 6

Description

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted by /bin/sh when the command lookup helper constructs and executes shell commands with shell=true. The vulnerability can be triggered during normal…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5anthropic/claude_code2.1.91

▶CVEListV5anthropic/claude_agent_sdk_for_python0.1.55

🔴Vulnerability Details

GHSA

GHSA-jgg3-qqhf-7rx7: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launc↗2026-04-06

▶