CVE-2026-7235: A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca
Summary
A path traversal vulnerability (a bug where an attacker manipulates file paths to access files they shouldn't) was found in the ErlichLiu claude-agent-sdk, in the file app/api/agent-output/route.ts. The flaw can be exploited remotely by manipulating the outputFile parameter, and the vulnerability has already been publicly disclosed. The project uses continuous updates but has not yet responded to the security report.
Vulnerability Details
CVSS score: 5.3 (medium)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: none
April 28, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7235
First tracked: April 28, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 85%