CVE-2026-35020

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk...

CVE-2025-64340

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...

EUVD-2026-19440

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

EUVD-2026-19438

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...

CVE-2026-35021

Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the affected code path cannot be triggered through normal usage of Claude Code...

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

CVE-2026-35022

...

CVE-2026-35022

This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior...

CVE-2026-35022

...

CVE-2026-35022

Anthropic Claude Code CLI and Claude Agent SDK are cited in multiple sources as vulnerable to an OS command injection in authentication helper execution. The underlying issue is that helper configuration values are executed with shell=true without input validation, allowing injection of shell met...

CVE-2026-35021

...

CVE-2026-35021

This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the affected code path cannot be triggered through normal usage of Claude Code...

CVE-2026-35021

...

CVE-2026-35021

The CVE-2026-35021 entry is rejected by the CNA and does not represent an active vulnerability.

CVE-2026-35020

...

CVE-2026-35020

...

CVE-2026-35020

This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools...

Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞

Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...

PT-2026-30707

Name of the Vulnerable Software and Affected Versions Anthropic Claude Code CLI and Claude Agent SDK affected versions not specified Description The Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the prompt editor invocation utility. Attackers can execute...