{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35020", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "REJECTED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-31T20:40:15.618Z", "datePublished": "2026-04-06T18:58:40.513Z", "dateUpdated": "2026-05-29T16:25:15.369Z", "dateRejected": "2026-05-29T16:25:15.369Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-29T16:25:15.369Z"}, "rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected by the its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This CVE ID has been rejected by the its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools."}]}], "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35020", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "REJECTED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-31T20:40:15.618Z", "datePublished": "2026-04-06T18:58:40.513Z", "dateUpdated": "2026-05-29T16:25:15.369Z", "dateRejected": "2026-05-29T16:25:15.369Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-29T16:25:15.369Z"}, "rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected by the its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This CVE ID has been rejected by the its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools."}]}], "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools."}], "id": "CVE-2026-35020", "lastModified": "2026-05-29T18:16:31.540", "metrics": {}, "published": "2026-04-06T20:16:24.863", "references": [], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Rejected"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.1.55]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Claude Agent SDK for Python", "source": "cna", "vendor": "Anthropic"}, "product": "claude_agent_sdk_for_python", "vendor": "anthropic"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.91]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Claude Code", "source": "cna", "vendor": "Anthropic"}, "product": "claude_code", "vendor": "anthropic"}], "analysis": {"en": {"generated_at": "2026-04-07T01:42:13.954194+00:00", "value": {"mitigation_remediation": ["Apply a vendor\u2011supplied patch that removes the vulnerability from the CLI and SDK.", "If a patch is unavailable, permanently unset or sanitize the TERMINAL environment variable before invoking the Claude CLI or deep\u2011link handler.", "Restrict execution of the CLI to trusted users or environments with strict access controls.", "Monitor system logs for unexpected command execution patterns that may indicate exploitation attempts."], "summary": {"action": "Immediate patch", "impact": "Arbitrary command execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of Anthropic\u2019s Claude Code CLI and the Claude Agent SDK for Python where the command lookup helper and deep\u2011link terminal launcher are present. No specific version numbers are listed, implying that all current releases are susceptible.", "description_and_impact": "Anthropic\u2019s Claude Code CLI and Claude Agent SDK for Python contain an OS command injection flaw that is triggered by manipulating the TERMINAL environment variable. When the command lookup helper or deep\u2011link terminal launcher constructs and executes shell commands with /bin/sh, any shell metacharacters injected into TERMINAL are interpreted, allowing a local attacker to run arbitrary commands. The flaw is a classic CWE\u201178 weakness and can lead to execution of shell commands with the privileges of the user running the CLI, potentially compromising credentials and system integrity.", "risk_and_exploitability": "With a CVSS score of 8.6 the flaw is considered high severity. Exploitation requires local access sufficient to set environment variables before invoking the CLI or deep\u2011link handler, meaning any user with such access can mount a successful attack. The EPSS score is unavailable, and the vulnerability is not currently listed in the CISA KEV catalog, but the lack of a patch and the local nature of the attack suggest that organizations running these tools should treat the risk as serious and seek remediation promptly."}}}}, "created": "2026-04-07T06:54:40.238900+00:00", "updated": "2026-04-07T09:37:44.517872+00:00", "vendors": ["anthropic", "anthropic$PRODUCT$claude_agent_sdk_for_python", "anthropic$PRODUCT$claude_code"]}