CVE-2026-7235

A path traversal vulnerability has been discovered in the ErlichLiu claude-agent-sdk-master project, specifically in the 04-agent-teams component within the file app/api/agent-output/route.ts [1]. The issue is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) [2]. The vulnerability stems from the endpoint accepting a user-supplied outputFile value from the request body and passing it directly to fs.readFile after path normalization, without verifying that the resolved path stays within a trusted agent output directory or application workspace [2].

An attacker with network access to the exposed Next.js API endpoint can exploit this by manipulating the outputFile argument to traverse directories and read arbitrary files readable by the server process [2]. The attack can be initiated remotely without authentication beyond network access to the endpoint [1]. The vulnerability has been publicly disclosed along with details of the root cause, increasing the risk of active exploitation [2].

Successful exploitation allows an attacker to read sensitive information from the server, which may include configuration files, credentials, source code, or other confidential data stored on the filesystem [2]. This could lead to further compromise of the application or underlying infrastructure if secrets or private keys are exposed. The project uses a rolling release model and specific version information is not available, but the confirmed affected commit is b185aa7ff0d864581257008077b4010fca1747bf [1][2].

As of the publication date, no fix has been released, and the project has not responded to the initial report [1]. Users of affected versions should either apply input validation to restrict the outputFile path to a predefined allowed directory or disable the endpoint until a patch is issued [2]. The vulnerability has been assigned a CVSS v3 base score of 5.3 (Medium) [1].