6 matches found
CVE-2026-35020
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...
EUVD-2026-19438
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...
CVE-2026-35020
Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...
CVE-2026-35020
...
CVE-2026-35020
...
PT-2026-30706
Name of the Vulnerable Software and Affected Versions Anthropic Claude Code CLI and Claude Agent SDK affected versions not specified Description Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the command lookup helper and deep-link terminal launcher. Local...