CVE-2026-34452— Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34452
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a symlink between validation and use, causing reads or writes to escape the sandbox. The synchronous memory tool implementation was not affected. This issue has been patched in version 0.87.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Claude SDK for Python 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Claude SDK for Python是Anthropic开源的一个用于调用Claude API的Python软件开发工具包。 Claude SDK for Python 0.87.0之前版本存在安全漏洞,该漏洞源于异步本地文件系统内存工具返回未解析的路径,可能导致符号链接攻击,从而脱离沙箱限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| anthropics | anthropic-sdk-python | >= 0.86.0, < 0.87.0 | - |
II. Public POCs for CVE-2026-34452
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34452
请登录查看更多情报信息。
Same Patch Batch · anthropics · 2026-03-31 · 3 CVEs total
| CVE-2026-34451 | Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Di | |
| CVE-2026-34450 | Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool |
IV. Related Vulnerabilities
Same vendor: anthropics
- CVE-2026-40068
Claude Code arbitrary code execution via git worktree common - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-39861
Claude Code: Sandbox Escape via Symlink Following Allows Arb - CVE-2026-35603
Claude Code: Insecure System-Wide Configuration Loading Enab - CVE-2026-34451
Claude SDK for TypeScript: Memory Tool Path Validation Allow
Same weakness: CWE-59
- CVE-2021-47949
CyberPanel 2.1 Authenticated Remote Code Execution via Symli - CVE-2026-41882
JetBrains IntelliJ IDEA 后置链接漏洞 - CVE-2026-27105
Dell Alienware Purchased Apps 后置链接漏洞 - CVE-2026-5161
Improper Authentication in TUBITAK BILGEM's Pardus About - CVE-2026-41397
OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File
V. Comments for CVE-2026-34452
No comments yet