Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution: helper configuration values are executed through a shell (shell=true) without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.
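The weakness described above is the classic CWE-78 shape: a configuration string handed to a shell verbatim. The following Python is an added illustration written for this record; it is not code from Claude Code, the Claude Agent SDK, or either advisory, and the settings dictionary, helper key names as dictionary keys, and the allowlist are assumptions. It shows the vulnerable pattern (shell=True on a config value) next to a hardened form that parses the value into argv with shlex, runs it with shell=False, and restricts the executable to an allowlist, plus a small audit function a defender can run over settings files to flag helper values that contain shell metacharacters.

```python
import shlex
import subprocess
from typing import Dict, Iterable, List, Optional

# Helper settings named in the CVE description. Treating them as a fixed tuple
# lets an audit check exactly the keys that reach a subprocess.
HELPER_KEYS = ("apiKeyHelper", "awsAuthRefresh", "awsCredentialExport", "gcpAuthRefresh")

# Characters a POSIX shell interprets (command separators, pipes, substitution,
# redirection, grouping). Their presence in a helper value is a strong signal
# that the value was crafted for a shell=True sink.
SHELL_METACHARS = frozenset(";|&$`<>(){}\n")


def find_shell_metachars(value: str) -> List[str]:
    """Return the sorted set of shell metacharacters present in value."""
    return sorted({c for c in value if c in SHELL_METACHARS})


def audit_helper_settings(settings: Dict[str, object]) -> Dict[str, List[str]]:
    """Map each helper key whose value contains shell metacharacters to those
    characters. An empty dict means nothing suspicious was found."""
    findings: Dict[str, List[str]] = {}
    for key in HELPER_KEYS:
        value = settings.get(key)
        if isinstance(value, str):
            bad = find_shell_metachars(value)
            if bad:
                findings[key] = bad
    return findings


def run_helper_via_shell(value: str) -> str:
    """VULNERABLE pattern (for contrast only, never called here): the config
    string is handed to /bin/sh, so every metacharacter in it is honoured."""
    return subprocess.run(value, shell=True, capture_output=True, text=True).stdout


def parse_helper_argv(value: str, allowed_executables: Optional[Iterable[str]]) -> List[str]:
    """Split a helper value into argv without a shell. shlex leaves ';', '|',
    '$(' and friends as literal argument text, so they cannot start a second
    command. If an allowlist is given, argv[0] must be on it."""
    argv = shlex.split(value)
    if not argv:
        raise ValueError("empty helper command")
    if allowed_executables is not None and argv[0] not in set(allowed_executables):
        raise ValueError(f"helper executable not allowed: {argv[0]!r}")
    return argv


def run_helper_safe(value: str, allowed_executables: Optional[Iterable[str]] = None) -> str:
    """Hardened form: argv list, shell=False, allowlisted executable, and the
    helper's stdout returned stripped (a credential helper prints one token)."""
    argv = parse_helper_argv(value, allowed_executables)
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    # Constructed settings: one benign helper and one carrying a pipe.
    sample_settings = {
        "apiKeyHelper": "/usr/local/bin/get-api-key --profile ci",
        "awsAuthRefresh": "aws sso login | tee /tmp/out",  # constructed suspicious value
    }
    print("audit findings:", audit_helper_settings(sample_settings))
    # Even without an allowlist, the pipe is just an argument, not a second command.
    print("argv:", parse_helper_argv(sample_settings["awsAuthRefresh"], None))
```

The audit function is the cheap detective control: run it over every settings source that can reach the helper sink (user, project and environment-level settings) and alert on any hit. The argv form is the preventive control, but note that it still executes whatever executable the value names, so the allowlist, or restricting helper settings to a trusted origin, is what stops an attacker who controls the settings file from simply naming a different program.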
References
| Link | Resource |
|---|---|
| https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ | Exploit Third Party Advisory |
| https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-authentication-helper | Third Party Advisory |
Configurations
Configuration 1
History
29 Apr 2026, 19:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | | https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/ - Exploit, Third Party Advisory |
| References | | https://www.vulncheck.com/advisories/anthropic-claude-code-agent-sdk-os-command-injection-via-authentication-helper - Third Party Advisory |
| First Time | | Anthropic; Anthropic claude Agent Sdk; Anthropic claude Code |
| CPE | | cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:* ; cpe:2.3:a:anthropic:claude_agent_sdk:*:*:*:*:*:python:*:* |
06 Apr 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-04-06 20:16
Updated : 2026-04-29 19:00
NVD link : CVE-2026-35022
Mitre link : CVE-2026-35022
CVE.ORG link : CVE-2026-35022
Products Affected
anthropic
- claude_code
- claude_agent_sdk
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
