CVE-2026-35022: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper ex
Summary
Anthropic's Claude Code CLI and Claude Agent SDK have a vulnerability where authentication helper settings are executed with shell=true (allowing shell commands to run) without checking the input first. An attacker who can change settings like apiKeyHelper or awsAuthRefresh could inject shell metacharacters (special characters that have meaning in command shells) to run arbitrary commands with the user's privileges, potentially stealing credentials or accessing environment variables.
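A defensive check for the condition described above, added here as an illustration and not taken from Anthropic's code: it walks a parsed settings object and reports helper values that contain characters a shell would interpret. Only the key names apiKeyHelper and awsAuthRefresh come from the advisory; the metacharacter set, the function names and the sample settings are assumptions. Because helpers are command strings by design, a finding marks a value for review and is not proof of tampering.

```javascript
// Added example: audits a parsed settings object for risky auth-helper values.
// Key names are the two the advisory mentions; it says "like", so extend the list.
const HELPER_KEYS = ["apiKeyHelper", "awsAuthRefresh"];

// Assumed set of characters a POSIX shell interprets rather than passes through.
const SHELL_META = /[;&|`$<>(){}\n\r\\!*?~#'"]/g;

// Walk nested objects so helpers placed under sub-sections are also seen.
function* walk(node, path = []) {
  if (node === null || typeof node !== "object") return;
  for (const [key, value] of Object.entries(node)) {
    const here = [...path, key];
    if (HELPER_KEYS.includes(key)) yield { path: here.join("."), value };
    else yield* walk(value, here);
  }
}

// Return one finding per helper setting that is not a plain command line.
function auditHelpers(settings) {
  const findings = [];
  for (const { path, value } of walk(settings)) {
    if (typeof value !== "string") {
      findings.push({ path, reason: "non-string helper value", chars: [] });
      continue;
    }
    // De-duplicate so each metacharacter is reported once per setting.
    const chars = [...new Set(value.match(SHELL_META) || [])];
    if (chars.length > 0) {
      findings.push({ path, reason: "shell metacharacters present", chars });
    }
  }
  return findings;
}

// Constructed sample settings (not taken from a real installation).
const sampleSettings = {
  apiKeyHelper: "/usr/local/bin/get-key --profile work",
  awsAuthRefresh: "aws sso login --profile work; echo injected",
  nested: { apiKeyHelper: "/opt/helper $(echo injected)" },
};

for (const f of auditHelpers(sampleSettings)) {
  console.log(`${f.path}: ${f.reason} ${JSON.stringify(f.chars)}`);
}
```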
Vulnerability Details
CVSS score: 9.8 (critical)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: none
April 6, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-35022
First tracked: April 6, 2026 at 08:08 PM