Skip to main content

Claude Sdk For Typescript CVE-2026-34451

| EUVDEUVD-2026-17679 MEDIUM
Path Traversal (CWE-22)
2026-03-31 security-advisories@github.com GHSA-5474-4w2j-mq4c
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch released
Apr 02, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Mar 31, 2026 - 22:22 euvd
EUVD-2026-17679
Analysis Generated
Mar 31, 2026 - 22:22 vuln.today
CVE Published
Mar 31, 2026 - 22:16 nvd
MEDIUM 6.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 47 npm packages depend on @anthropic-ai/sdk (46 direct, 1 indirect)

Ecosystem-wide dependent count for version 0.79.0.

DescriptionGitHub Advisory

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.

AnalysisAI

Path traversal vulnerability in Anthropic Claude SDK for TypeScript (versions 0.79.0-0.80.x) allows remote attackers to read and write files outside the intended sandboxed memory directory via prompt injection. The vulnerability exploits incomplete path validation in the local filesystem memory tool, where a model supplied with crafted input can reference sibling directories sharing the memory root's name prefix. Patch available in version 0.81.0; no public exploit code or active exploitation confirmed, but the attack surface is exposed to any application using the affected SDK versions with model-supplied file paths.

Technical ContextAI

The Anthropic Claude SDK for TypeScript implements a local filesystem memory tool that manages file I/O operations intended to be sandboxed within a specific directory. The vulnerability resides in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal'), occurring in the path validation logic that uses a simple string prefix check without appending a trailing path separator. For example, if the memory root is /app/memory, an attacker can supply /app/memory-sibling as a crafted path; because the prefix check only validates that the path starts with /app/memory (without the separator), it incorrectly permits traversal to /app/memory-sibling and its contents. This allows arbitrary file read/write operations on the host filesystem when a language model is prompted to use the memory tool with malicious input, effectively breaking the sandbox boundary.

RemediationAI

Immediately upgrade the Anthropic Claude SDK for TypeScript to version 0.81.0 or later, which contains the patched path validation logic that correctly appends trailing path separators before prefix checks. For applications unable to update immediately, implement input sanitization and validation at the application layer to prevent prompt injection attacks that could exploit the memory tool feature; sanitize all user-controllable input passed to model prompts and restrict the model's access to the memory tool if possible through SDK configuration. Consult the security advisory at https://github.com/anthropics/anthropic-sdk-typescript/security/advisories/GHSA-5474-4w2j-mq4c for additional context and confirmation of the patch.

Share

CVE-2026-34451 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy