Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 63fdd8c208f4 · 2026-04-01T21:18:49.000Z
GHSA-5474-4w2j-mq4c GHSA-w828-4qhx-vxx3
diff --git a/advisories/github-reviewed/2026/04/GHSA-5474-4w2j-mq4c/GHSA-5474-4w2j-mq4c.json b/advisories/github-reviewed/2026/04/GHSA-5474-4w2j-mq4c/GHSA-5474-4w2j-mq4c.json
@@ -0,0 +1,70 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5474-4w2j-mq4c",
+  "modified": "2026-04-01T21:16:49Z",
+  "published": "2026-04-01T21:16:49Z",
+  "aliases": [
+    "CVE-2026-34451"
+  ],
+  "summary": "Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories",
+  "details": "The local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory.\n\nUsers on the affected versions are advised to update to the latest version.\n\nClaude SDK for TypeScript thanks [hackerone.com/nicksim](https://hackerone.com/nicksim) for reporting this issue!",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@anthropic-ai/sdk"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0.79.0"
+            },
+            {
+              "fixed": "0.81.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/anthropic-sdk-typescript/security/advisories/GHSA-5474-4w2j-mq4c"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34451"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/anthropic-sdk-typescript/commit/0ac69b3438ee9c96b21a7d3c39c07b7cdb6995d9"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/anthropics/anthropic-sdk-typescript"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/anthropic-sdk-typescript/releases/tag/sdk-v0.81.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22",
+      "CWE-41"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:16:49Z",
+    "nvd_published_at": "2026-03-31T22:16:20Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-w828-4qhx-vxx3/GHSA-w828-4qhx-vxx3.json b/advisories/github-reviewed/2026/04/GHSA-w828-4qhx-vxx3/GHSA-w828-4qhx-vxx3.json
@@ -0,0 +1,70 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w828-4qhx-vxx3",
+  "modified": "2026-04-01T21:17:34Z",
+  "published": "2026-04-01T21:17:34Z",
+  "aliases": [
+    "CVE-2026-34452"
+  ],
+  "summary": "Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape",
+  "details": "The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a symlink between validation and use, causing reads or writes to escape the sandbox. The synchronous memory tool implementation was not affected.\n\nUsers on the affected versions are advised to update to the latest version.\n\nClaude SDK for Python thanks [hackerone.com/kasthelord](https://hackerone.com/kasthelord) for reporting this issue!",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "anthropic"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0.86.0"
+            },
+            {
+              "fixed": "0.87.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/anthropic-sdk-python/security/advisories/GHSA-w828-4qhx-vxx3"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34452"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/anthropics/anthropic-sdk-python"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/anthropic-sdk-python/releases/tag/v0.87.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-367",
+      "CWE-59"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:17:34Z",
+    "nvd_published_at": "2026-03-31T22:16:20Z"
+  }
+}
