High severity8.4NVD Advisory· Published Apr 6, 2026· Updated Apr 29, 2026

CVE-2026-35020

Description

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted by /bin/sh when the command lookup helper constructs and executes shell commands with shell=true. The vulnerability can be triggered during normal CLI execution as well as via the deep-link handler path, resulting in arbitrary command execution with the privileges of the user running the CLI.

Affected products

Anthropic/Claude Agent Sdk
cpe:2.3:a:anthropic:claude_agent_sdk:*:*:*:*:*:python:*:*
Range: <=0.1.55
Anthropic/Claude Code
cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
Range: <=2.1.91

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/nvdExploitThird Party Advisory
www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-terminal-environment-variablenvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000