Description
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (0o666 for files, 0o777 for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read persisted agent state, and in containerized deployments could modify memory files to influence subsequent model behavior. This issue has been patched in version 0.91.1.
Published: 2026-05-04
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

From version 0.79.0 up to, but not including, 0.91.1 of the Claude SDK for TypeScript, the BetaLocalFilesystemMemoryTool creates memory files and directories with the Node.js default modes (0o666 for files, 0o777 for directories). This leaves the files world-readable and, on systems with a permissive umask, world-writable. A local attacker on a shared host could read persisted agent state, and in containerized deployments could modify these memory files to influence subsequent model behavior. The weakness is classified as CWE-732 (Incorrect Permissions).

Affected Systems

The vulnerability affects the Anthropics Anthropic‑SDK‑Typescript package. Versions from 0.79.0 up to, but not including, 0.91.1 are impacted. The issue was patched in version 0.91.1.

Risk and Exploitability

The CVSS score is 4.8, indicating a moderate risk. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or container-based; an attacker with access to the host or container filesystem can exploit the insecure file permissions directly. The impact is limited to the environment where the SDK is deployed and does not provide remote code execution or network‑exposed access.

Generated by OpenCVE AI on May 4, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade anthropic-sdk-typescript to version 0.91.1 or later to eliminate the insecure file permission behavior.
  • If an immediate upgrade is not possible, configure the container or host umask to restrict file creation permissions, preventing the SDK from creating world‑readable or world‑writable files.
  • Where available, direct the SDK to use a custom temporary directory with restrictive permissions or apply explicit permission checks after file creation to enforce secure defaults.

Generated by OpenCVE AI on May 4, 2026 at 20:22 UTC.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Anthropics; Anthropics anthropic-sdk-typescript
Vendors & Products | | Anthropics; Anthropics anthropic-sdk-typescript

Mon, 04 May 2026 19:00:00 +0000

Type | Values Removed | Values Added
Description | | (identical to the Description at the top of this page)
Title | | Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
Weaknesses | | CWE-732
References | |
Metrics | | cvssV4_0 {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T18:41:40.183Z

Reserved: 2026-04-22T03:53:24.406Z

Link: CVE-2026-41686

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-04T19:16:03.883

Modified: 2026-05-04T19:16:03.883

Link: CVE-2026-41686

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T20:30:08Z

Weaknesses