CVE-2026-35022 — OS Command Injection in Claude Agent SDK FOR Python

CWE-78 — OS Command Injection2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

0.3%

top 45.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anthropic Claude Agent SDK FOR Python Anthropic Claude Code

Timeline

PublishedApr 6

Description

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling creden…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5anthropic/claude_code2.1.91

▶CVEListV5anthropic/claude_agent_sdk_for_python0.1.55

🔴Vulnerability Details

GHSA

GHSA-479q-mw77-pmr5: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configura↗2026-04-06

▶