CVE-2026-35020

HIGH 8.4

Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable

CVSS Score

8.4

EPSS Score

0.1%

EPSS Percentile

26th

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted by /bin/sh when the command lookup helper constructs and executes shell commands with shell=true. The vulnerability can be triggered during normal CLI execution as well as via the deep-link handler path, resulting in arbitrary command execution with the privileges of the user running the CLI.

CWE	CWE-78
Vendor	anthropic
Product	claude code
Published	Apr 6, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for anthropic claude code

Be the first to know when new high vulnerabilities affecting anthropic claude code are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Anthropic / Claude Code

0 ≤ 2.1.91

Anthropic / Claude Agent SDK for Python

0 ≤ 0.1.55

References

NVD ↗ CVE.org ↗ EPSS Data ↗

phoenix.security: https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ vulncheck.com: https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-terminal-environment-variable

Credits

Francesco Cipollone