CVE-2026-34451
Description
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@anthropic-ai/sdknpm | >= 0.79.0, < 0.81.0 | 0.81.0 |
Affected products
2- cpe:2.3:a:anthropic:claude_sdk_for_typescript:*:*:*:*:*:*:*:*Range: >=0.79.0,<0.81.0
Patches
Vulnerability mechanics
References
5- github.com/anthropics/anthropic-sdk-typescript/commit/0ac69b3438ee9c96b21a7d3c39c07b7cdb6995d9nvdPatchWEB
- github.com/advisories/GHSA-5474-4w2j-mq4cghsaADVISORY
- github.com/anthropics/anthropic-sdk-typescript/security/advisories/GHSA-5474-4w2j-mq4cnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-34451ghsaADVISORY
- github.com/anthropics/anthropic-sdk-typescript/releases/tag/sdk-v0.81.0nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.