Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal vulnerability in ErlichLiu claude-agent-sdk-master allows remote unauthenticated attackers to read arbitrary files by manipulating the outputFile parameter in app/api/agent-output/route.ts. The vulnerability has a CVSS score of 5.3 (low integrity impact) and publicly available exploit code exists, though the project uses rolling releases and the maintainer has not yet responded to disclosure.
Technical ContextAI
The vulnerability exists in a TypeScript/Node.js API route (app/api/agent-output/route.ts) that processes file output operations, likely within a Next.js application framework. The root cause is CWE-22 (improper limitation of a pathname to a restricted directory), where user-supplied input to the outputFile parameter is not properly validated or sanitized before being used in file system operations. An attacker can inject path traversal sequences (such as ../ or absolute paths) to escape the intended directory and access files outside the application's intended scope. The network attack vector (AV:N) and low attack complexity (AC:L) indicate the vulnerability can be exploited over HTTP/HTTPS without special conditions.
RemediationAI
No vendor-released patch has been confirmed at the time of analysis, as the maintainer has not yet responded to the disclosure. Immediate remediation requires implementing input validation and sanitization in app/api/agent-output/route.ts to reject or normalize the outputFile parameter, stripping path traversal sequences (../, ..\ , absolute paths, etc.) and restricting file access to a whitelist of safe output directories. Apply a robust path canonicalization function (e.g., Node.js path.resolve() combined with checks ensuring the resolved path remains within the intended directory) before any file system operation. Additionally, run the application with minimal file system permissions and consider disabling or restricting HTTP access to the agent-output endpoint if it is not required for production use. Monitor the GitHub repository (https://github.com/ErlichLiu/claude-agent-sdk-master) for updates or alternative branches with fixes; if no response is forthcoming, consider forking and applying the fix locally or switching to a maintained alternative.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26007