CVE-2026-34452: The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before vers
Summary
The Claude SDK for Python (versions 0.86.0 to 0.86.x) had a vulnerability in its async local filesystem memory tool: the tool checked that file paths were safe but then used an unresolved path for the file operation. An attacker could use symlinks (shortcuts to other files or directories) to redirect file operations outside the intended sandbox (a restricted storage area). The synchronous (non-async) version of this tool was not affected.
Solution / Mitigation
Update to version 0.87.0 or later, where this issue has been patched.
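The check-then-use mismatch described in the summary, shown as an added example; it is not the SDK's code or its patch. `lexical_check`, `resolved_check` and `is_blocked` are hypothetical helpers, and the `memories` directory, file names and symlink are a constructed fixture.

```python
import os
import tempfile
from pathlib import Path


class SandboxError(ValueError):
    """Raised when a requested path would leave the sandbox root."""


def lexical_check(root: Path, user_path: str) -> Path:
    """Flawed pattern: validates the path string only and returns it unresolved."""
    candidate = Path(os.path.normpath(root / user_path.lstrip("/")))
    if not candidate.is_relative_to(root):
        raise SandboxError(f"{user_path!r} escapes the sandbox")
    return candidate  # symlinks are only followed later, when the file is opened


def resolved_check(root: Path, user_path: str) -> Path:
    """Hardened pattern: resolve symlinks, check containment, return what was checked."""
    real_root = root.resolve()
    candidate = (real_root / user_path.lstrip("/")).resolve()
    if not candidate.is_relative_to(real_root):
        raise SandboxError(f"{user_path!r} escapes the sandbox")
    return candidate  # the caller operates on the resolved path


def is_blocked(check, root: Path, user_path: str) -> bool:
    try:
        check(root, user_path)
    except SandboxError:
        return True
    return False


def demo() -> dict:
    """Run both checks against a constructed sandbox holding a symlink that leaves it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root, outside = base / "memories", base / "outside"
        root.mkdir()
        outside.mkdir()
        (outside / "secret.txt").write_text("outside-data")
        os.symlink(outside, root / "link")  # constructed fixture
        return {
            "flawed_read": lexical_check(root, "link/secret.txt").read_text(),
            "hardened_blocked": is_blocked(resolved_check, root, "link/secret.txt"),
            "hardened_ok": resolved_check(root, "notes.txt") == root / "notes.txt",
            "dotdot_blocked": is_blocked(lexical_check, root, "../outside/secret.txt"),
        }
```

The lexical check stops `..` traversal but not the symlink, because nothing it inspects reveals where `link` points. Resolving before opening still leaves a window if the directory tree can change concurrently; the example covers only the mismatch between the path that is checked and the path that is used.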
Vulnerability Details
EPSS: 0.0%
March 31, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34452
First tracked: March 31, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 95%