{"data":{"id":"a000c2cc-0dbd-4eab-a102-5558bb491a0d","title":"CVE-2026-34452: The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before vers","summary":"The Claude SDK for Python (versions 0.86.0 to 0.86.x) had a vulnerability in its async local filesystem memory tool: the tool checked that a file path was safe but then used the unresolved path for the file operation itself. Because of this gap between check and use (a time-of-check/time-of-use flaw, CWE-367), an attacker could use symlinks (shortcuts to other files or directories) to redirect file operations outside the intended sandbox (a restricted storage area), which is link following (CWE-59). The synchronous (non-async) version of this tool was not affected.","solution":"Update to version 0.87.0 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34452","publishedAt":"2026-03-31T22:16:20.320Z","cveId":"CVE-2026-34452","cweIds":["CWE-59","CWE-367"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude SDK for Python"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-31T22:16:20.320Z","capecIds":["CAPEC-27"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}