13 matches found
CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...
EUVD-2026-19440
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...
CVE-2026-35021
Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the affected code path cannot be triggered through normal usage of Claude Code...
CVE-2026-35021
The CVE-2026-35021 entry is rejected by the CNA and does not represent an active vulnerability.
CVE-2026-35021
This CVE ID has been rejected by its CVE Numbering Authority CNA. It was determined that the affected code path cannot be triggered through normal usage of Claude Code...
CVE-2026-35021
...
CVE-2026-35021
...
PT-2026-30707
Name of the Vulnerable Software and Affected Versions Anthropic Claude Code CLI and Claude Agent SDK affected versions not specified Description The Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the prompt editor invocation utility. Attackers can execute...
Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞
Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...
CVE-2024-5248
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...
CVE-2024-5248
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...
CVE-2024-5248 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...
PT-2024-35320 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.5 Description: An improper access control issue exists due to a missing permission check in the "GET /v1/users/me/org" endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management...