Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or backtick expressions into file paths that are interpolated into a shell command string executed via Node's child_process execSync, which hands the string to /bin/sh. Although the file path is wrapped in double quotes, POSIX Shell Command Language §2.2.3 (Double-Quotes) specifies that $ and the backquote keep their special meaning inside double quotes, so double-quoting does not prevent command substitution: the injected expression is evaluated by the shell, resulting in arbitrary command execution with the privileges of the user running the CLI.
Use CWE-78, the Anthropic vendor hub and the Claude Agent SDK product page to widen CVE-2026-35021 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-35022 and CVE-2026-35020 for nearby disclosures in the same product family.