{"data":{"id":"df7494a3-e60a-49e1-834d-c6c9edeed0fb","title":"CVE-2026-34451: Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From","summary":"The Claude SDK for TypeScript had a security flaw in its filesystem memory tool (a feature that lets AI models read and write files) where path validation was incomplete, allowing an attacker using prompt injection (tricking the AI with hidden instructions in its input) to access files outside the intended sandbox directory. This vulnerability affected versions 0.79.0 through 0.80.x and could let attackers read or modify files they shouldn't have access to.","solution":"Update the Anthropic TypeScript SDK to version 0.81.0 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34451","publishedAt":"2026-03-31T22:16:20.167Z","cveId":"CVE-2026-34451","cweIds":["CWE-22","CWE-41"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude SDK for TypeScript"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-31T22:16:20.167Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}