CVE-2026-35021: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invoca
Summary
Anthropic's Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability: an attacker who controls a file path that the CLI passes to its editor invocation can execute arbitrary commands by embedding shell metacharacters such as $(...) in the path. The code wraps the path in double quotes before handing it to a POSIX shell, but double quotes only suppress word splitting and globbing; the shell still performs command substitution ($(...) and backticks) and parameter expansion ($VAR) inside them, so the injected expression is evaluated. The commands run with the full privileges of the user running the CLI.
Vulnerability Details
CVSS v3.1 base score: 7.8 (High)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Published: April 6, 2026
Affected vendor: Anthropic (Claude Code CLI, Claude Agent SDK)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-35021
First tracked: April 6, 2026 at 08:08 PM
Classified by LLM (prompt v3) · confidence: 95%