CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/28 6:30 a.m.•11 views

CVE-2026-7235

CVE-2026-7235 affects the ErlichLiu claude-agent-sdk-master project (up to commit b185aa7ff0d864581257008077b4010fca1747bf). The vulnerability is in app/api/agent-output/route.ts where manipulation of the outputFile argument leads to a path traversal. The issue could be remotely triggered and has...

6.9CVSS5.6AI score0.0046EPSS

EUVD•added 2026/04/28 6:30 a.m.•5 views

EUVD-2026-26007

6.9CVSS5.5AI score0.0046EPSS

Vulnrichment•added 2026/04/28 6:30 a.m.•6 views

CVE-2026-7235 ErlichLiu claude-agent-sdk-master route.ts path traversal

6.9CVSS5.4AI score0.0046EPSS

ATTACKERKB•added 2026/04/28 6:30 a.m.•3 views

CVE-2026-7235

6.9CVSS5.2AI score0.0046EPSS

Cvelist•added 2026/04/28 6:30 a.m.•25 views

CVE-2026-7235 ErlichLiu claude-agent-sdk-master route.ts path traversal

6.9CVSS0.0046EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•5 views

PT-2026-35681

6.9CVSS5.2AI score0.0046EPSS

Exploits0References6

CNNVD•added 2026/04/28 12:0 a.m.•9 views

Claude Agent SDK Master 路径遍历漏洞

Claude Agent SDK Master is a progressive learning tutorial for Claude Agent SDK developed by Erlich. Claude Agent SDK Master has a path traversal vulnerability; this vulnerability stems from the outputFile parameter in the app/api/agent-output/route.ts file, which allows for path traversal,...

6.9CVSS6.1AI score0.0046EPSS

Exploits0References1

RedhatCVE•added 2026/04/07 11:1 p.m.•3 views

CVE-2026-35020

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...

8.6CVSS6.2AI score0.00114EPSS

Exploits0References1

EUVD•added 2026/04/06 9:31 p.m.•2 views

EUVD-2026-19440

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

8.4CVSS6.2AI score0.00041EPSS

EUVD•added 2026/04/06 9:31 p.m.•5 views

EUVD-2026-19438

8.6CVSS6.2AI score0.00114EPSS

NVD•added 2026/04/06 8:16 p.m.•4 views

CVE-2026-35021

Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the affected code path cannot be triggered through normal usage of Claude Code...

0.00041EPSS

NVD•added 2026/04/06 8:16 p.m.•6 views

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

0.00114EPSS

ATTACKERKB•added 2026/04/06 6:59 p.m.•1 views

CVE-2026-35022

This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior...

5.7AI score0.00596EPSS

Vulnrichment•added 2026/04/06 6:59 p.m.•2 views

CVE-2026-35022

...

5.8AI score0.00596EPSS

Cvelist•added 2026/04/06 6:59 p.m.•19 views

CVE-2026-35021

...

0.00041EPSS

ATTACKERKB•added 2026/04/06 6:59 p.m.•2 views

CVE-2026-35021

This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the affected code path cannot be triggered through normal usage of Claude Code...

5.8AI score0.00041EPSS

CVE•added 2026/04/06 6:58 p.m.•10 views

CVE-2026-35020

CVE-2026-35020 entry is rejected/not used by the CNA.

6.2AI score0.00114EPSS

Vulnrichment•added 2026/04/06 6:58 p.m.•5 views

CVE-2026-35020

...

5.8AI score0.00114EPSS