CVE-2026-35021

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-35021
Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

29 May 2026, 18:16

Type Values Removed Values Added
CWE CWE-78
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : unknown
References
  • {'url': 'https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/', 'tags': ['Exploit', 'Third Party Advisory'], 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-prompteditor-ts', 'tags': ['Third Party Advisory'], 'source': 'disclosure@vulncheck.com'}
Summary (en) Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or backtick expressions into file paths that are interpolated into shell commands executed via execSync. Although the file path is wrapped in double quotes, POSIX shell semantics (POSIX §2.2.3) do not prevent command substitution within double quotes, allowing injected expressions to be evaluated and resulting in arbitrary command execution with the privileges of the user running the CLI. (en) Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code.
CPE cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
cpe:2.3:a:anthropic:claude_agent_sdk:*:*:*:*:*:python:*:*

29 Apr 2026, 19:05

Type Values Removed Values Added
References () https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ - () https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ - Exploit, Third Party Advisory
References () https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-prompteditor-ts - () https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-prompteditor-ts - Third Party Advisory
First Time Anthropic
Anthropic claude Agent Sdk
Anthropic claude Code
CPE cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
cpe:2.3:a:anthropic:claude_agent_sdk:*:*:*:*:*:python:*:*

06 Apr 2026, 20:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-06 20:16

Updated : 2026-05-29 18:16

NVD link : CVE-2026-35021

Mitre link : CVE-2026-35021

CVE.ORG link : CVE-2026-35021

JSON object : View

Products Affected

No product.

CWE

No CWE.