Vulnerability Description
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted by /bin/sh when the command lookup helper constructs and executes shell commands with shell=true. The vulnerability can be triggered during normal CLI execution as well as via the deep-link handler path, resulting in arbitrary command execution with the privileges of the user running the CLI.
CVSS Score
8.4 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Anthropic | Claude Agent SDK | <= 0.1.55 |
| Anthropic | Claude Code | <= 2.1.91 |
Related Weaknesses (CWE)
References
- https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-c (Exploit, Third Party Advisory)
- https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command- (Third Party Advisory)
FAQ
What is CVE-2026-35020?
CVE-2026-35020 is a vulnerability with a CVSS score of 8.4 (HIGH). Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitra...
How severe is CVE-2026-35020?
CVE-2026-35020 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-35020?
Check the references section above for vendor advisories and patch information. Affected products include: Anthropic Claude Agent SDK, Anthropic Claude Code.