Zero Day Monitor (ZDM) © 2026
CVE-2026-35020 (CVSS 8.4) · anthropic / claude

Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable

Description

Anthropic Claude Code CLI and the Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and the deep-link terminal launcher that allows a local attacker to execute arbitrary commands by manipulating the TERMINAL environment variable. The helper splices the value of TERMINAL into a command string and executes it with shell=true, so any shell metacharacters in the variable (";", "|", "$(...)" and the like) are interpreted by /bin/sh rather than treated as part of a program name. The vulnerability can be triggered during normal CLI execution as well as via the deep-link handler path, and the injected commands run with the privileges of the user running the CLI. Because the value is read from the process environment, any component that can set TERMINAL before the CLI or SDK starts (a CI job definition, a shell startup file, a wrapper script) is a viable injection point; the first reference below frames the issue in CI/CD terms.
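The following is an added illustration of the pattern described above, written for this page; it is not Anthropic's code and the function names, the "-e" launch flag and the sample TERMINAL values are assumptions. It shows a lookup helper that hands an environment-controlled string to /bin/sh via shell=True, the benign-looking payload that turns it into command execution, and a hardened version that validates the value against a program-name pattern and never involves a shell:

```python
import os
import re
import shutil
import subprocess

# Constructed sample values standing in for what an attacker could place in the
# environment (for example through a CI job or a shell rc file). Not from the advisory.
BENIGN_TERMINAL = "xterm"
MALICIOUS_TERMINAL = "xterm; echo INJECTED"


def lookup_vulnerable(env=None):
    """Vulnerable pattern (hypothetical helper): the TERMINAL value is spliced into
    a shell command string and run with shell=True, so /bin/sh parses ';', '|',
    '$(...)' and friends instead of treating the value as one program name."""
    env = os.environ if env is None else env
    terminal = env.get("TERMINAL", "xterm")
    # Equivalent to: /bin/sh -c "command -v <TERMINAL>"
    proc = subprocess.run(
        f"command -v {terminal}",
        shell=True,
        capture_output=True,
        text=True,
    )
    return proc.stdout


# A terminal emulator is a plain program name: letters, digits and a few safe
# punctuation characters. Anything else is rejected rather than "escaped".
_SAFE_NAME = re.compile(r"[A-Za-z0-9._+-]+")


def lookup_hardened(env=None):
    """Hardened pattern (hypothetical helper): allowlist-validate the value and do
    the PATH search with shutil.which(), which executes nothing and needs no shell."""
    env = os.environ if env is None else env
    terminal = env.get("TERMINAL", "xterm")
    if not _SAFE_NAME.fullmatch(terminal):
        raise ValueError(f"refusing TERMINAL value with shell metacharacters: {terminal!r}")
    return shutil.which(terminal)  # None if not installed; no command is executed


def build_launch_argv(terminal_path, target_cmd):
    """Build the argv list for a deep-link style terminal launch. Passing a list to
    subprocess.run/Popen with shell=False means each element is exactly one argument
    and nothing is re-parsed by /bin/sh. Assumes an xterm-style "-e <command...>"
    convention; other emulators use different flags."""
    return [terminal_path, "-e", *target_cmd]


if __name__ == "__main__":
    # The vulnerable helper runs the injected echo; the hardened one refuses the value.
    print(repr(lookup_vulnerable({"TERMINAL": MALICIOUS_TERMINAL})))
    try:
        lookup_hardened({"TERMINAL": MALICIOUS_TERMINAL})
    except ValueError as exc:
        print(exc)
    print(build_launch_argv("/usr/bin/xterm", ["claude", "--resume"]))
```

The design point is that quoting or escaping the value is the wrong fix: the value is a program name, so the check should be a positive pattern for program names, and the launch should be an argv list so the shell is out of the picture entirely. shutil.which() reproduces what `command -v` was being used for without spawning anything.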

Affected Products

Vendor: anthropic
Product: claude
Versions: 0, 0 (as recorded on this page; no fixed version is listed)

References

  • https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ (technical description, exploit)
  • https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-terminal-environment-variable (third-party advisory)

Related News (1 article)

  • Tier C · VulDB · 14d ago
    CVE-2026-35020 | Anthropic Claude Code/Claude Agent SDK for Python Environment Variable TERMINAL os command injection
    → No new info (linked only)
CVSS 3.1: 8.4 (severity label: NONE)
CISA KEV: No
Actively exploited: No
CWE: CWE-78 (OS Command Injection)
Published: Apr 6, 2026
Last enriched: 14d ago (v2)
Trending Score: 6
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Note: on the CVSS 3.1 qualitative scale a base score of 8.4 is High (7.0 to 8.9), not Critical; the severity label on this entry is unset (NONE), and neither a CVSS vector nor a patch reference is recorded here.


Related CVEs (5)

  • CVE-2026-35022 (severity: NONE; tag: EXP) · Trending: 46
    Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper
  • CVE-2026-30624 (severity: HIGH) · Trending: 25
    CVE-2026-30624: Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The a
  • CVE-2026-35021 (severity: NONE) · Trending: 6
    Anthropic Claude Code & Agent SDK OS Command Injection via promptEditor.ts
  • CVE-2026-21852 (severity: HIGH) · Trending: 5
    Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before u
  • CVE-2026-34452 (severity: NONE)
    Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Apr 6, 2026: CVE Published
  • Apr 6, 2026: Discovered by ZDM
  • Apr 6, 2026: Updated: description, severity

Version History

v2 · Tier C · 14d ago (last enriched)
  Updated severity to CRITICAL, corrected exploit availability, and provided a more detailed description of the vulnerability.
  Fields changed: description, severity (via VulDB)

v1 · 14d ago
  Initial creation