Tag
CVE-2026-35022 describes an OS command injection vulnerability in the Anthropic Claude Code CLI and Claude Agent SDK that allows attackers with control over authentication settings to execute arbitrary commands, potentially leading to credential theft and environment variable exfiltration.