DigiNews

Summary

The article reports three critical command injection vulnerabilities in Anthropic Claude Code (CVE-2026-35022, CVSS 9.8) affecting the CLI, editor, and authentication helpers. It provides concrete remediation steps such as updating to the latest version, setting the ANTHROPIC_API_KEY environment variable directly, and auditing CI/CD pipelines and .claude/settings.json changes to mitigate supply chain risk.