CVE-2026-35022 (CVSS 9.8, EXPLOITED)
Vendor / product: anthropic · claude

Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper

Description

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution, where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.
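As an added illustration (not code from the advisory or from the affected projects), the snippet below places the shell=true pattern described above next to a hardened runner that refuses shell metacharacters in the configured helper string and executes it without a shell; the function names and the two sample helper settings are constructed for this example.

```python
"""Added example (not from the advisory or the affected projects): the
shell=True helper pattern described above next to a hardened runner."""
import shlex
import subprocess

# Characters a POSIX shell treats specially; none belong in a helper
# setting that is meant to name one program plus its arguments.
SHELL_METACHARS = set(";&|`$<>()\n")


def run_helper_unsafe(helper: str) -> str:
    """Vulnerable pattern (CWE-78): the configured string is handed to a
    shell verbatim, so any metacharacter it carries is interpreted."""
    proc = subprocess.run(helper, shell=True, capture_output=True,
                          text=True, check=True)
    return proc.stdout


def validate_helper(helper: str) -> list:
    """Return the helper as an argv list, refusing shell metacharacters."""
    bad = sorted(set(helper) & SHELL_METACHARS)
    if bad:
        raise ValueError("helper contains shell metacharacters: %r" % bad)
    argv = shlex.split(helper)  # honours quoting, never invokes a shell
    if not argv:
        raise ValueError("helper is empty")
    return argv


def helper_is_safe(helper: str) -> bool:
    """Predicate form of validate_helper() for configuration checks."""
    try:
        validate_helper(helper)
        return True
    except ValueError:
        return False


def run_helper_safe(helper: str) -> str:
    """Hardened runner: validated argv executed directly (shell=False)."""
    proc = subprocess.run(validate_helper(helper), capture_output=True,
                          text=True, check=True)
    return proc.stdout


# Constructed sample settings: a benign helper and a tampered one.
BENIGN_HELPER = "echo sk-example-key"
TAMPERED_HELPER = "echo sk-example-key; echo INJECTED"

if __name__ == "__main__":
    print(run_helper_unsafe(TAMPERED_HELPER).rstrip())  # both commands ran
    print(run_helper_safe(BENIGN_HELPER).rstrip())
    print("tampered helper accepted:", helper_is_safe(TAMPERED_HELPER))
```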

Affected Products

Vendor      Product   Versions
anthropic   claude    0, 0

References

  • https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ (technical-description, exploit)
  • https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-authentication-helper (third-party-advisory)

Related News (2 articles)

  • Tier E · Lobsters Security · 70d ago: Anthropic Claude Code Leak Reveals Critical Command Injection Vulnerabilities → No new info (linked only)
  • Tier C · VulDB · 82d ago: CVE-2026-35022 | Anthropic Claude Code/Claude Agent SDK for Python os command injection → No new info (linked only)
CVSS 3.1: 9.8 NONE
CISA KEV: No
Actively exploited: Yes
CWE: CWE-78
Published: Apr 6, 2026
Last enriched: 82d ago (v2)
Trending Score: 0
Source articles: 2
Independent: 2
Info Completeness: 7/14
Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-54316 (EXP): Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch (Trending: 24)
  • HIGH · CVE-2026-7574: Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use (Trending: 19)
  • PRE-CVE: Anthropic's Fable 5 Model Jailbroken (Trending: 10)
  • MEDIUM · CVE-2026-46406: @anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
  • HIGH · CVE-2026-40068: Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Apr 6, 2026: CVE Published
  • Apr 6, 2026: Discovered by ZDM
  • Apr 6, 2026: Updated: severity, activelyExploited
  • Apr 13, 2026: Actively Exploited

Version History

  • v2 (Tier C, 82d ago, via VulDB): Updated severity to CRITICAL and marked the vulnerability as actively exploited. Fields changed: severity, activelyExploited.
  • v1 (82d ago): Initial creation