CVE Alert

CVE-2026-35022

CRITICAL 9.8

Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper

CVSS Score: 9.8
EPSS Score: 0.3%
EPSS Percentile: 55th

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.

CWE: CWE-78
Vendor: anthropic
Product: claude code
Published: Apr 6, 2026
Last Updated: Apr 13, 2026

CVSS v3 Breakdown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Anthropic / Claude Code: 0 ≤ version ≤ 2.1.91
Anthropic / Claude Agent SDK for Python: 0 ≤ version ≤ 0.1.55

References

NVD, CVE.org, EPSS Data
phoenix.security: https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/
vulncheck.com: https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-authentication-helper

Credits

Francesco Cipollone