{"data":{"id":"acc1e26b-f51c-4793-8544-39ceded7e0cf","title":"CVE-2026-34450: The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before vers","summary":"The Claude SDK for Python (a library that lets Python programs use Claude AI) had a security flaw in versions 0.86.0 through 0.87.0 where memory files were created with overly permissive access controls (mode 0o666, meaning world-readable and world-writable permissions). On shared computers or in Docker containers, attackers could read the stored state of AI agents or modify memory files to change how the model behaves.","solution":"This issue has been patched in version 0.87.0. Update the Claude SDK for Python to version 0.87.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34450","publishedAt":"2026-03-31T22:16:19.987Z","cveId":"CVE-2026-34450","cweIds":["CWE-276","CWE-732"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude SDK for Python"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-31T22:16:19.987Z","capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}