Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper

Description

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.

Affected Products

Vendor	Product	Versions
anthropic	claude	0, 0

References

https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/(technical-description, exploit)
https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-authentication-helper(third-party-advisory)

Related News (2 articles)

Tier E

Lobsters Security8h ago

Anthropic Claude Code Leak Reveals Critical Command Injection Vulnerabilities

→ No new info (linked only)

Tier C

VulDB12d ago

CVE-2026-35022 | Anthropic Claude Code/Claude Agent SDK for Python os command injection

→ No new info (linked only)

CVSS 3.19.8 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-78

PublishedApr 6, 2026

Last enriched12d agov2

Trending Score64

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History