CVE-2026-34451— Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34451
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories
Source: NVD (National Vulnerability Database)
Vulnerability Description
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Claude SDK for TypeScript 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Claude SDK for TypeScript是Anthropic开源的一个用于调用Claude API的TypeScript软件开发工具包。 Claude SDK for TypeScript 0.81.0之前版本存在安全漏洞,该漏洞源于本地文件系统内存工具对模型提供路径的验证不足,可能导致路径遍历攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| anthropics | anthropic-sdk-typescript | >= 0.79.0, < 0.81.0 | - |
II. Public POCs for CVE-2026-34451
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34451
请登录查看更多情报信息。
Same Patch Batch · anthropics · 2026-03-31 · 3 CVEs total
| CVE-2026-34452 | Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape | |
| CVE-2026-34450 | Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool |
IV. Related Vulnerabilities
Same vendor: anthropics
- CVE-2026-40068
Claude Code arbitrary code execution via git worktree common - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-39861
Claude Code: Sandbox Escape via Symlink Following Allows Arb - CVE-2026-35603
Claude Code: Insecure System-Wide Configuration Loading Enab - CVE-2026-34450
Claude SDK for Python: Insecure Default File Permissions in
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2026-34451
No comments yet