CVE-2026-35022: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Anthropic Claude Code
Anthropic Claude Code CLI and Claude Agent SDK have an OS command injection vulnerability due to improper input validation in authentication helper execution. This flaw allows attackers who can influence authentication settings to inject shell metacharacters via parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh. Exploitation can lead to arbitrary command execution with the privileges of the user or automation environment, potentially resulting in credential theft and environment variable exfiltration. The vulnerability has a critical CVSS 4. 0 score of 9. 3. The affected product is a cloud service, and the vendor manages remediation server-side. No known exploits in the wild have been reported to date.
AI Analysis
Technical Summary
CVE-2026-35022 is an OS command injection vulnerability (CWE-78) in Anthropic Claude Code CLI and Claude Agent SDK. The issue arises because authentication helper configuration values are executed with shell=true without proper input validation. Attackers able to manipulate authentication parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh can inject shell metacharacters to execute arbitrary OS commands with user or automation environment privileges. This can lead to credential theft and environment variable exfiltration. The vulnerability affects version 0 of the product and has a CVSS 4.0 score of 9.3 (critical). The product is a cloud service, and remediation is managed by the vendor.
Potential Impact
Successful exploitation allows attackers to execute arbitrary OS commands with the privileges of the user or automation environment running the vulnerable components. This can result in theft of credentials and exfiltration of environment variables, potentially compromising system security and confidentiality. The vulnerability is rated critical with a high CVSS score of 9.3. No known exploits in the wild have been reported so far.
Mitigation Recommendations
Since the affected product is a cloud service, the vendor Anthropic manages remediation server-side. A patch is available, and users should verify with the vendor advisory for confirmation of applied fixes. There is no indication that users need to take additional action if the service is updated by the vendor. Patch status should be confirmed by consulting the official vendor advisory.
CVE-2026-35022: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Anthropic Claude Code
Description
Anthropic Claude Code CLI and Claude Agent SDK have an OS command injection vulnerability due to improper input validation in authentication helper execution. This flaw allows attackers who can influence authentication settings to inject shell metacharacters via parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh. Exploitation can lead to arbitrary command execution with the privileges of the user or automation environment, potentially resulting in credential theft and environment variable exfiltration. The vulnerability has a critical CVSS 4. 0 score of 9. 3. The affected product is a cloud service, and the vendor manages remediation server-side. No known exploits in the wild have been reported to date.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-35022 is an OS command injection vulnerability (CWE-78) in Anthropic Claude Code CLI and Claude Agent SDK. The issue arises because authentication helper configuration values are executed with shell=true without proper input validation. Attackers able to manipulate authentication parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh can inject shell metacharacters to execute arbitrary OS commands with user or automation environment privileges. This can lead to credential theft and environment variable exfiltration. The vulnerability affects version 0 of the product and has a CVSS 4.0 score of 9.3 (critical). The product is a cloud service, and remediation is managed by the vendor.
Potential Impact
Successful exploitation allows attackers to execute arbitrary OS commands with the privileges of the user or automation environment running the vulnerable components. This can result in theft of credentials and exfiltration of environment variables, potentially compromising system security and confidentiality. The vulnerability is rated critical with a high CVSS score of 9.3. No known exploits in the wild have been reported so far.
Mitigation Recommendations
Since the affected product is a cloud service, the vendor Anthropic manages remediation server-side. A patch is available, and users should verify with the vendor advisory for confirmation of applied fixes. There is no indication that users need to take additional action if the service is updated by the vendor. Patch status should be confirmed by consulting the official vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-03-31T20:40:15.618Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d409d70a160ebd92d5a937
Added to database: 4/6/2026, 7:30:31 PM
Last enriched: 4/6/2026, 7:45:59 PM
Last updated: 4/7/2026, 1:19:09 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.