CVE-2026-34451
Received Received - Intake
Path Traversal in Claude TypeScript SDK Allows Unauthorized File Access

Publication date: 2026-03-31

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34451
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_sdk_for_typescript From 0.79.0 (inc) to 0.81.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-41 The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the Claude SDK for TypeScript versions from 0.79.0 to before 0.81.0. It involves the local filesystem memory tool, which validated model-supplied file paths using a string prefix check that did not include a trailing path separator.

Because of this improper validation, a malicious model influenced by prompt injection could supply a crafted file path that resolves to a sibling directory sharing the memory root's name as a prefix. This allows unauthorized reads and writes outside the intended sandboxed memory directory.

This issue was fixed in version 0.81.0 of the SDK.

Impact Analysis

This vulnerability can allow an attacker to read from and write to files outside the intended sandboxed memory directory on the local filesystem.

Such unauthorized access could lead to exposure or modification of sensitive data, potentially compromising the security and integrity of the system using the Claude SDK.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Claude SDK for TypeScript to version 0.81.0 or later, where the issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34451. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart