CVE-2026-34451

MEDIUM

Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

Title source: cna

Description

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.

References (3)

[X_Refsource_Confirm] https://github.com/anthropics/anthropic-sdk-typescript/security/advisories/GHSA-5474-4w2j-mq4c

[X_Refsource_Misc] https://github.com/anthropics/anthropic-sdk-typescript/commit/0ac69b3438ee9c96b21a7d3c39c07b7cdb6995d9

View Writeup ZIP pw:eip

[X_Refsource_Misc] https://github.com/anthropics/anthropic-sdk-typescript/releases/tag/sdk-v0.81.0

Scores

CVSS v3 5.4

EPSS 0.0009

EPSS Percentile 25.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-41

Status published

Products (3)

anthropic/claude_sdk_for_typescript 0.79.0 - 0.81.0

anthropic-ai/sdk 0.79.0 - 0.81.0npm

anthropics/anthropic-sdk-typescript >= 0.79.0, < 0.81.0

Published Mar 31, 2026

Tracked Since Apr 01, 2026