PyPI: anthropic
CVE-2026-34450
Safety vulnerability ID: SFTY-20260401-85495
Safety legacy ID: pyup.io-91354
Overview
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
Advisory
Affected versions of the anthropic package are vulnerable to Incorrect Default Permissions due to the local filesystem memory tool creating memory files with overly permissive mode 0o666. Both the synchronous and asynchronous memory tool implementations wrote persisted agent state files that were world-readable under a standard umask and world-writable in environments with a permissive umask, such as many Docker base images. A local attacker on a shared host could read sensitive persisted agent state, and in containerised deployments could modify memory files to influence subsequent model behaviour.
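The umask interaction described above, plus a check for memory files already on disk, as an added example that is not the SDK's own code. The names `created_mode` and `audit_memory_dir` and the `0o600` target mode are assumptions of this example, and the directory to audit is whatever path your deployment uses for memory files.

```python
import os
import stat
import tempfile

OWNER_ONLY = 0o600  # assumed target mode for this example, not taken from the SDK


def created_mode(requested: int, umask: int) -> int:
    """Create a file with `requested` mode under `umask`; return the resulting mode bits."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "note.md")
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested)
            os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)  # always restore the process umask


def audit_memory_dir(root: str, fix: bool = False) -> list:
    """List (path, mode) for regular files under `root` that grant any group/other access.

    With fix=True each finding is tightened to OWNER_ONLY.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, mode))
                if fix:
                    os.chmod(path, OWNER_ONLY)
    return sorted(findings)


if __name__ == "__main__":
    # 0o666 depends on the umask for its safety; 0o600 does not.
    for umask in (0o022, 0o000):
        print(f"umask {umask:03o}: 0o666 -> {created_mode(0o666, umask):03o}, "
              f"0o600 -> {created_mode(0o600, umask):03o}")
```

Run `audit_memory_dir` first without `fix` to see which files were exposed before tightening them; files that were world-writable may already have been modified and should be reviewed, not just re-permissioned.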
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260401-85495/CVE-2026-34450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34450
- https://data.safetycli.com/changelogs/anthropic/
- https://github.com/advisories/GHSA-q5f5-3gjm-7mfm
- https://pypi.org/project/anthropic
- https://github.com/anthropics/anthropic-sdk-python/security/advisories/GHSA-q5f5-3gjm-7mfm
- https://nvd.nist.gov/vuln/detail/CVE-2026-34450
- https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255
- https://github.com/anthropics/anthropic-sdk-python/releases/tag/v0.87.0
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
