CVE-2026-35020: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper
Summary
Anthropic's Claude Code CLI and Claude Agent SDK build a shell command from the value of the TERMINAL environment variable (the setting that names the terminal program to use) without sanitizing it. An attacker who can control TERMINAL in the environment of the Claude Code process can therefore embed shell metacharacters (characters such as ;, |, & and $( ) that the command interpreter treats as syntax rather than data) in the value; when the constructed command is handed to the shell, the injected text is executed as additional commands with the privileges of the user running the tool.
Vulnerability Details
CVSS v3.1 base score: 8.4 (High)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Date: April 6, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-35020
First tracked: April 6, 2026 at 08:08 PM
Classified by LLM (prompt v3) · confidence: 95%