CVE-2026-35021

Source
https://cve.org/CVERecord?id=CVE-2026-35021
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35021.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-35021
Published
2026-04-06T18:59:06.979Z
Modified
2026-07-08T08:12:58.901769095Z
Severity
  • 8.4 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Anthropic Claude Code & Agent SDK OS Command Injection via promptEditor.ts
Details

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or backtick expressions into file paths that are interpolated into shell commands executed via execSync. Although the file path is wrapped in double quotes, POSIX shell semantics (POSIX ยง2.2.3) do not prevent command substitution within double quotes, allowing injected expressions to be evaluated and resulting in arbitrary command execution with the privileges of the user running the CLI.

Database specific
{
    "cwe_ids": [
        "CWE-78"
    ],
    "isDisputed": true,
    "cna_assigner": "VulnCheck",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35021.json"
}
References

Affected packages

Git / github.com/anthropics/claude-agent-sdk-python

Affected ranges

Type
GIT
Repo
https://github.com/anthropics/claude-agent-sdk-python
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.1.55"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v0.*
v0.0.16
v0.0.17
v0.0.18
v0.0.19
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.1.0
v0.1.1
v0.1.10
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.34
v0.1.35
v0.1.36
v0.1.37
v0.1.38
v0.1.39
v0.1.4
v0.1.40
v0.1.41
v0.1.42
v0.1.43
v0.1.44
v0.1.45
v0.1.46
v0.1.47
v0.1.48
v0.1.49
v0.1.5
v0.1.50
v0.1.51
v0.1.52
v0.1.53
v0.1.54
v0.1.55
v0.1.6
v0.1.7
v0.1.8
v0.1.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35021.json"

Git / github.com/anthropics/claude-code

Affected ranges

Type
GIT
Repo
https://github.com/anthropics/claude-code
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.91"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v2.*
v2.0.73
v2.0.74
v2.0.76
v2.1.0
v2.1.1
v2.1.11
v2.1.12
v2.1.14
v2.1.15
v2.1.16
v2.1.17
v2.1.19
v2.1.2
v2.1.20
v2.1.21
v2.1.22
v2.1.23
v2.1.25
v2.1.27
v2.1.29
v2.1.3
v2.1.30
v2.1.31
v2.1.32
v2.1.33
v2.1.34
v2.1.36
v2.1.37
v2.1.38
v2.1.39
v2.1.4
v2.1.41
v2.1.42
v2.1.44
v2.1.45
v2.1.47
v2.1.49
v2.1.5
v2.1.50
v2.1.51
v2.1.52
v2.1.53
v2.1.55
v2.1.56
v2.1.58
v2.1.59
v2.1.6
v2.1.61
v2.1.62
v2.1.63
v2.1.66
v2.1.68
v2.1.69
v2.1.7
v2.1.70
v2.1.71
v2.1.72
v2.1.73
v2.1.74
v2.1.75
v2.1.76
v2.1.77
v2.1.78
v2.1.79
v2.1.80
v2.1.81
v2.1.83
v2.1.84
v2.1.85
v2.1.86
v2.1.87
v2.1.88
v2.1.89
v2.1.9
v2.1.90
v2.1.91

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35021.json"