CVE-2026-35022
Published 2026-04-06
Priority P2 · 59 · Critical 9.3 (CVSS 4.0)
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.
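The shell=true pattern the description refers to, placed beside a hardened helper runner, as an added illustration that is not code from Claude Code or the Agent SDK; the sample helper strings, the allowed-directory policy and the metacharacter set are assumptions constructed for this example.

```python
import os
import re
import shlex
import subprocess
import sys

# Constructed sample configuration values, not taken from the advisory.
SAFE_HELPER = "/usr/local/bin/get-api-key --profile prod"
INJECTED_HELPER = "/usr/local/bin/get-api-key; env > /tmp/leak"
ALLOWED_DIRS = ("/usr/local/bin", "/usr/bin")  # assumed policy for helper binaries

# Tokens only a shell interprets. With shell=False they are passed literally and
# cannot chain commands, so their presence in a helper value is a red flag.
SHELL_META = re.compile(r"[;&|`$<>\n]")


def run_helper_shell(helper: str) -> str:
    """Vulnerable pattern from the description: the whole config value goes to sh -c."""
    return subprocess.run(helper, shell=True, capture_output=True, text=True).stdout


def parse_helper(helper: str, allowed_dirs=ALLOWED_DIRS) -> list:
    """Turn a helper value into argv, refusing anything that relies on a shell."""
    if SHELL_META.search(helper):
        raise ValueError("helper value contains shell metacharacters")
    argv = shlex.split(helper)  # honours quoting only: no expansion, no chaining
    if not argv or not os.path.isabs(argv[0]):
        raise ValueError("helper must start with an absolute executable path")
    if os.path.dirname(argv[0]) not in allowed_dirs:
        raise ValueError(f"helper executable outside allowed directories: {argv[0]}")
    return argv


def is_safe_helper(helper: str, allowed_dirs=ALLOWED_DIRS) -> bool:
    try:  # policy check usable on settings files before anything is executed
        parse_helper(helper, allowed_dirs)
        return True
    except ValueError:
        return False


def run_helper_safe(helper: str, allowed_dirs=ALLOWED_DIRS) -> str:
    """Hardened pattern: argv list, shell=False, trimmed environment, failures raise."""
    argv = parse_helper(helper, allowed_dirs)
    env = {k: os.environ[k] for k in ("PATH", "HOME") if k in os.environ}
    done = subprocess.run(argv, shell=False, capture_output=True, text=True, env=env, check=True)
    return done.stdout.strip()


def demo_safe_run() -> str:
    """Run a harmless helper (this interpreter printing 42) through the hardened path."""
    exe = sys.executable
    return run_helper_safe(f'{shlex.quote(exe)} -c "print(42)"', allowed_dirs=(os.path.dirname(exe),))
```

With shell=False the metacharacters in INJECTED_HELPER could no longer chain a second command even if the policy check were skipped; the check exists so that a tampered settings value is refused and logged rather than silently executed.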
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anthropic | claude_agent_sdk | <= 0.1.55 | — |
| anthropic | claude_agent_sdk_for_python | <= 0.1.55 | — |
| anthropic | claude_code | <= 2.1.91 | — |
| anthropic | claude_code | <= 2.1.91 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| cvelistv5 | — | 9.3 | CRITICAL | — |
VulDB
vuldb · 2026-06-01 · CVE-2026-35022 [CRITICAL] · Anthropic Claude Code/Claude Agent SDK for Python os command injection (EUVD-2026-19442)
This appears to be a false positive. Please validate the mentioned sources and consider excluding this entry altogether.
GHSA
ghsa_unreviewed · 2026-04-06 · CVE-2026-35022 [CRITICAL] · CWE-78 · GHSA-479q-mw77-pmr5
The GHSA advisory text is the same description quoted at the top of this page.
CVEList
cvelistv5 · 2026-04-06 · CVSS 9.3 · CVE-2026-35022 [CRITICAL] · CWE-78 · Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper
The CVE record's description is the same text quoted at the top of this page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.