GHSA-p7fg-763f-g4gf: Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
Summary
The Claude SDK for TypeScript had a security flaw in which the `BetaLocalFilesystemMemoryTool` tool created files and directories with overly permissive modes. It relied on the Node.js defaults (`0o666` for files and `0o777` for directories), which control who can read or modify them. As a result, on shared computers or in containerized environments (such as Docker), other users could read sensitive agent data or modify it to change how the AI behaves.
Solution / Mitigation
Users on the affected versions are advised to update to the latest version.
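The following added example (not the SDK's code and not its patch) contrasts Node.js `fs` writes that rely on the default modes with writes that request owner-only modes, and includes an audit walk that can be pointed at an existing memory directory. The function names, the `0o700`/`0o600` choice and the temporary directory are assumptions made for the illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// No mode passed: Node requests 0o777 (dirs) and 0o666 (files); only the umask narrows it.
function writeWithDefaults(root, rel, data) {
  const file = path.join(root, rel);
  fs.mkdirSync(path.dirname(file), { recursive: true });
  fs.writeFileSync(file, data);
}

// Assumed hardening: owner-only modes. The chmod calls make the result independent of
// the umask and tighten an entry that already existed (mode applies only at creation).
function writeOwnerOnly(root, rel, data) {
  const file = path.join(root, rel);
  const dir = path.dirname(file); // only this leaf directory is re-chmodded
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  fs.chmodSync(dir, 0o700);
  fs.writeFileSync(file, data, { mode: 0o600 });
  fs.chmodSync(file, 0o600);
}

// Walk a directory tree and report entries with any group/other permission bit set.
function auditModes(root) {
  const findings = [];
  const walk = (p) => {
    const st = fs.lstatSync(p);
    if (st.isSymbolicLink()) return; // a link's own mode bits are not meaningful
    const mode = st.mode & 0o777;
    if (mode & 0o077) findings.push({ path: path.relative(root, p) || '.', mode: mode.toString(8) });
    if (st.isDirectory()) for (const e of fs.readdirSync(p).sort()) walk(path.join(p, e));
  };
  walk(root);
  return findings;
}

// Constructed scenario: temp directory, umask 0 as the worst case for default modes.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'memtool-demo-'));
  const prev = process.umask(0o000);
  try {
    writeWithDefaults(root, 'default/notes.md', 'constructed sample');
    writeOwnerOnly(root, 'hardened/notes.md', 'constructed sample');
    return auditModes(root);
  } finally {
    process.umask(prev);
    fs.rmSync(root, { recursive: true, force: true });
  }
}
```

Calling `demo()` returns only the entries written with default modes; `auditModes(dir)` can be run on its own against any directory.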
Vulnerability Details
EPSS: 0.0%
Yes
April 29, 2026
Original source: https://github.com/advisories/GHSA-p7fg-763f-g4gf
First tracked: April 29, 2026 at 08:00 PM