CVE-2026-35022

Anthropic · Claude Code CLI and Claude Agent SDK

Anthropic Claude CLI and SDK are vulnerable to OS command injection via unvalidated authentication helper configuration parameters, allowing arbitrary command execution.

Executive summary

An OS command injection vulnerability in Anthropic Claude tools allows attackers to execute arbitrary code with the privileges of the automation environment, posing a critical risk of system compromise.

Vulnerability

The vulnerability exists in the authentication helper execution logic, which uses shell=true without input validation. An attacker who can influence authentication settings can inject shell metacharacters into parameters to execute commands with the privileges of the active user.
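As an added illustration (not Anthropic's code and not the vendor's patch), the snippet below shows the defensive pattern the advisory implies: a helper command taken from configuration is parsed into an argv list and executed without a shell, after checking that the helper path is absolute and that no token carries shell metacharacters. The single-string config format and the helper names are assumptions for the example.

```python
"""Safe execution of a configured authentication helper (added example,
not Anthropic's code): a helper command string from configuration is
validated and run without ever being handed to a shell."""
import os
import shlex
import subprocess
import sys

# Characters that only mean something to a shell.  Without shell=True they
# are passed literally, so rejecting them is defense in depth and a useful
# signal that someone tampered with the helper configuration.
SHELL_METACHARACTERS = set(";&|`$<>\n")

# Constructed sample configs: the current interpreter standing in for a
# real credential helper, once clean and once with an appended command.
EXAMPLE_HELPER = f'{sys.executable} -c "print(\'example-token\')"'
TAMPERED_HELPER = f"{sys.executable} -c pass; echo injected"


def parse_helper_config(helper_cmd: str) -> list[str]:
    """Turn a configured helper command into an argv list, or raise."""
    try:
        argv = shlex.split(helper_cmd)  # honours quoting, executes nothing
    except ValueError as exc:
        raise ValueError(f"unbalanced quoting in helper config: {exc}") from exc
    if not argv:
        raise ValueError("empty helper config")
    if not os.path.isabs(argv[0]):
        raise ValueError(f"helper must be an absolute path, got {argv[0]!r}")
    for token in argv:
        bad = SHELL_METACHARACTERS & set(token)
        if bad:
            raise ValueError(f"shell metacharacters {sorted(bad)} in {token!r}")
    return argv


def run_auth_helper(helper_cmd: str, timeout: float = 10.0) -> str:
    """Run the validated helper without a shell and return its stdout."""
    argv = parse_helper_config(helper_cmd)
    if not os.access(argv[0], os.X_OK):
        raise FileNotFoundError(f"helper is not executable: {argv[0]}")
    # shell=False (the default): argv goes straight to exec, so no argument
    # is ever interpreted by a shell, whatever characters it contains.
    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=timeout, check=True)
    return result.stdout.strip()
```

Running `run_auth_helper(EXAMPLE_HELPER)` returns the token, while `parse_helper_config(TAMPERED_HELPER)` raises before anything executes; a rejected config is worth logging as a tampering indicator.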

Business impact

A successful exploit allows for full command execution, leading to potential credential theft, environment variable exfiltration, and complete compromise of the host machine or automation pipeline. With a CVSS score of 9.8, this vulnerability represents a critical threat to data confidentiality and integrity.

Remediation

Immediate Action: Update the Claude Code CLI and Claude Agent SDK to the latest available versions immediately.

Proactive Monitoring: Audit environment configurations and logs for unexpected shell invocations or unauthorized modifications to authentication helper parameters.

Compensating Controls: Implement strict input validation and access controls for any configuration files or environment variables that influence authentication helper execution.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of this flaw necessitates immediate attention. Organizations utilizing Anthropic automation tools must verify the versions currently deployed and apply patches as soon as they are made available by the vendor to prevent unauthorized command execution and environment compromise.