{"data":{"id":"61234743-ce42-4f93-b6af-cc58f45caec8","title":"CVE-2026-7235: A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca","summary":"A path traversal vulnerability (a bug where an attacker manipulates file paths to access files they shouldn't) was found in the ErlichLiu claude-agent-sdk, affecting a file called app/api/agent-output/route.ts. An attacker can exploit this remotely by manipulating the outputFile parameter, and the vulnerability has already been publicly disclosed. The project uses continuous updates but has not yet responded to the security report.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7235","publishedAt":"2026-04-28T08:16:02.467Z","cveId":"CVE-2026-7235","cweIds":["CWE-22"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["ErlichLiu claude-agent-sdk","Anthropic Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-28T08:16:02.467Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}