{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35022", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "REJECTED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-31T20:40:15.618Z", "datePublished": "2026-04-06T18:59:29.656Z", "dateUpdated": "2026-05-29T16:26:48.962Z", "dateRejected": "2026-05-29T16:26:48.962Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-29T16:26:48.962Z"}, "rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior rather than a vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior rather than a vulnerability."}]}], "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35022", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "REJECTED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-31T20:40:15.618Z", "datePublished": "2026-04-06T18:59:29.656Z", "dateUpdated": "2026-05-29T16:26:48.962Z", "dateRejected": "2026-05-29T16:26:48.962Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-29T16:26:48.962Z"}, "rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior rather than a vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior rather than a vulnerability."}]}], "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior rather than a vulnerability."}], "id": "CVE-2026-35022", "lastModified": "2026-05-29T18:16:55.833", "metrics": {}, "published": "2026-04-06T20:16:25.260", "references": [], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Rejected"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.1.55]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Claude Agent SDK for Python", "source": "cna", "vendor": "Anthropic"}, "product": "claude_agent_sdk_for_python", "vendor": "anthropic"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.91]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Claude Code", "source": "cna", "vendor": "Anthropic"}, "product": "claude_code", "vendor": "anthropic"}], "analysis": {"en": {"generated_at": "2026-04-07T01:41:02.851252+00:00", "value": {"mitigation_remediation": ["Verify whether Anthropic has released a patched version of Claude Code CLI or Claude Agent SDK that removes the unsafe shell execution.", "If no patch is available, disable or remove the insecure authentication helper configuration to prevent arbitrary command execution.", "Apply strict input validation or sanitization to any parameters used in helper configuration, ensuring they are not passed to the shell.", "Monitor runtime environments for unexpected shell activity and enforce least privilege on the accounts that run the SDK."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected products are Anthropic Claude Code CLI and Anthropic Claude Agent SDK for Python. No specific product versions are provided, so all recent releases that include the authentication helper are potentially impacted.", "description_and_impact": "The vulnerability exists in the authentication helper of Anthropic Claude Code CLI and Claude Agent SDK for Python. The helper executes configuration values with shell=True and performs no input validation. When an attacker can influence authentication settings, they can insert shell metacharacters into parameters such as apiKeyHelper, awsAuthRefresh, awsCredentialExport, or gcpAuthRefresh, allowing arbitrary shell commands to run with the privileges of the user or automation environment, leading to credential theft and exfiltration of environment variables.", "risk_and_exploitability": "The CVSS score of 9.3 indicates a severe risk. While EPSS data is unavailable and the vulnerability is not listed in the KEV catalog, the lack of input validation and ability to execute arbitrary commands make it highly valuable to attackers. Exploitation requires the ability to modify authentication helper settings, which could be achieved through compromised credentials or privileged access to configuration files. Once an attacker controls the input, they can run arbitrary commands with elevated privileges."}}}}, "created": "2026-04-07T06:54:37.374340+00:00", "updated": "2026-04-07T09:37:41.147322+00:00", "vendors": ["anthropic", "anthropic$PRODUCT$claude_agent_sdk_for_python", "anthropic$PRODUCT$claude_code"]}