CVE-2026-34451
Received Received - Intake
Path Traversal in Claude TypeScript SDK Allows Unauthorized File Access

Publication date: 2026-03-31

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-20
Generated
2026-05-07
AI Q&A
2026-04-01
EPSS Evaluated
2026-05-05
NVD
CVE-2026-34451
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_sdk_for_typescript From 0.79.0 (inc) to 0.81.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-41 The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Claude SDK for TypeScript versions from 0.79.0 to before 0.81.0. It involves the local filesystem memory tool, which validated model-supplied file paths using a string prefix check that did not include a trailing path separator.

Because of this improper validation, a malicious model influenced by prompt injection could supply a crafted file path that resolves to a sibling directory sharing the memory root's name as a prefix. This allows unauthorized reads and writes outside the intended sandboxed memory directory.

This issue was fixed in version 0.81.0 of the SDK.


How can this vulnerability impact me? :

This vulnerability can allow an attacker to read from and write to files outside the intended sandboxed memory directory on the local filesystem.

Such unauthorized access could lead to exposure or modification of sensitive data, potentially compromising the security and integrity of the system using the Claude SDK.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the Claude SDK for TypeScript to version 0.81.0 or later, where the issue has been patched.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart