EUVD-2026-19442
GHSA-479q-mw77-pmr5
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environment, enabling credential theft and environment variable exfiltration.
Analysis
OS command injection in Anthropic Claude Code CLI and Agent SDK for Python allows remote, unauthenticated attackers to execute arbitrary commands through unsanitized authentication helper parameters processed with shell=true. The vulnerability enables credential theft and environment variable exfiltration in CI/CD pipelines where these tools run with elevated automation privileges. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Claude Code CLI or Agent SDK for Python by scanning CI/CD configurations, deployment manifests, and development environments; isolate affected runners from production secrets and credential stores. Within 7 days: Implement network-level restrictions blocking these SDK versions from outbound command execution; apply mandatory code review gates for any automation using these tools; rotate all credentials that may have been exposed via CI/CD runners. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today