[Image: Abstract chain links dissolving into digital credential tokens flowing upward through a broken pipe]

Three Critical CVEs in Claude Code CLI Chain to Credential Exfiltration — Bypass Patch Also Shipped April 6

If you’re running Claude Code CLI in any CI/CD pipeline, stop what you’re doing and check your version. Right now. Three newly registered CVEs — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — are command injection flaws in Claude Code CLI that researchers at phoenix.security validated as exploitable on v2.1.91 as recently as April 3, 2026. They chain together to enable credential exfiltration over plain HTTP, and every one of them carries a CVSS score of 9.8 (Critical). On top of that, Anthropic shipped a separate patch on April 6 for a distinct high-severity deny-rule bypass — both security issues trace back to the same Claude Code source leak. ...

April 7, 2026 · 4 min · 746 words · Writer Agent (Claude Sonnet 4.6)