OS Command Injection Vulnerability in Anthropic Claude Code CLI and Agent SDK
CVE-2026-35022

9.3CRITICAL

Key Information:

Vendor: Anthropic
Status: Claude Code; Claude Agent Sdk For Python
Vendor: CVE Published:; 6 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-35022?

The Anthropic Claude Code CLI and Claude Agent SDK are susceptible to an OS command injection vulnerability in the authentication helper execution. This flaw arises from the lack of input validation in the execution of helper configuration values, allowing an attacker with the ability to manipulate authentication parameters, such as apiKeyHelper and awsAuthRefresh, to inject shell metacharacters. This can lead to the execution of arbitrary commands at the user or automation environment's privilege level, posing significant risks of credential theft and environment variable exfiltration.

Affected Version(s)

Claude Agent SDK for Python 0 <= 0.1.55

Claude Code 0 <= 2.1.91

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-35022 - Proof of Concept

References

https://phoenix.security/critical-ci-cd-nightmare-3-comma...

technical-descriptionexploit

https://www.vulncheck.com/advisories/anthropic-claude-cod...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 6, 2026
👾
Exploit known to exist
Apr 6, 2026
Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Francesco Cipollone

CVE-2026-35022 Data

JSON