PyPI: anthropic
CVE-2026-34452
Safety vulnerability ID: SFTY-20260401-18581
Safety legacy ID: pyup.io-91355
Affected versions of the anthropic package are vulnerable to a Time-of-Check Time-of-Use Race Condition due to the async local filesystem memory tool validating that model-supplied paths resolve inside the sandboxed memory directory, but then returning the unresolved path for subsequent file operations. An attacker with write access to the memory directory could retarget a symlink between the validation and use steps, causing the async memory tool to read or write files outside the intended sandbox. This allows a local attacker to escape the sandbox boundary, potentially accessing or modifying sensitive files on the host filesystem.
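Added illustration, not code from the anthropic SDK: a minimal Python sketch of the check-then-return pattern the advisory describes, beside the hardened variant that hands back the path it actually validated, with the check-to-use window replayed in a throwaway temporary directory. The function names and the `/current` link are assumptions made for the demo.

```python
import tempfile
from pathlib import Path

class PathOutsideSandbox(Exception):
    """Raised when a model-supplied path does not resolve inside the memory directory."""

def _check(memory_root: Path, model_path: str):
    # Shared check: join under the root and make sure the *resolved* result stays inside it.
    candidate = memory_root / model_path.lstrip("/")
    resolved = candidate.resolve()
    root = memory_root.resolve()
    if resolved != root and root not in resolved.parents:
        raise PathOutsideSandbox(model_path)
    return candidate, resolved

def validate_vulnerable(memory_root: Path, model_path: str) -> Path:
    # Pattern the advisory describes: the check ran on the resolved path, but the
    # unresolved one is returned, so a later open() follows the symlink as it is *then*.
    candidate, _ = _check(memory_root, model_path)
    return candidate

def validate_fixed(memory_root: Path, model_path: str) -> Path:
    # Hardened pattern: hand back the path that was actually validated.
    _, resolved = _check(memory_root, model_path)
    return resolved

def rejects(validate, memory_root: str, model_path: str) -> bool:
    # True if the validator refuses the path (e.g. ".." traversal out of the root).
    try:
        validate(Path(memory_root), model_path)
    except PathOutsideSandbox:
        return True
    return False

def race_demo(validate) -> str:
    """Replay the check-to-use window in a temp directory; return what the tool ends up reading."""
    with tempfile.TemporaryDirectory() as tmp:
        memory_root = Path(tmp) / "memories"
        memory_root.mkdir()
        (memory_root / "note.txt").write_text("inside sandbox")
        outside = Path(tmp) / "host-file.txt"  # constructed stand-in for a file outside the sandbox
        outside.write_text("outside sandbox")
        link = memory_root / "current"
        link.symlink_to(memory_root / "note.txt")  # resolves inside the root at check time
        checked = validate(memory_root, "/current")  # time of check: passes for both variants
        link.unlink()                                # the window the advisory describes:
        link.symlink_to(outside)                     # the link is retargeted before use
        return checked.read_text()                   # time of use
```

Returning the resolved path closes the window the advisory describes; a design that must also survive a directory component being swapped after resolution should open relative to a directory file descriptor with `O_NOFOLLOW` and re-check the opened file with `fstat`.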
Overview
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
How to Fix
Mitigation and Workarounds
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260401-18581/CVE-2026-34452
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34452
- https://data.safetycli.com/changelogs/anthropic/
- https://github.com/advisories/GHSA-w828-4qhx-vxx3
- https://pypi.org/project/anthropic
- https://github.com/anthropics/anthropic-sdk-python/security/advisories/GHSA-w828-4qhx-vxx3
- https://nvd.nist.gov/vuln/detail/CVE-2026-34452
- https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6
- https://github.com/anthropics/anthropic-sdk-python/releases/tag/v0.87.0
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
