PT-2026-29378 · Anthropic · Claude Sdk For Python

Lucasfutures · Published 2026-03-31 · Updated 2026-04-01 · CVE-2026-34450

CVSS v4.0: 4.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Claude SDK for Python versions 0.86.0 through 0.86.9

Description

The Claude SDK for Python, used to access the Claude API, had an issue in the local filesystem memory tool in versions from 0.86.0 up to, but not including, 0.87.0. Memory files were created with permissions that allowed world-read access on systems with a standard umask, and world-write access in environments with a permissive umask, such as many Docker base images. A local attacker on a shared host could potentially read persisted agent state. In containerized deployments, an attacker could modify memory files, potentially influencing subsequent model behavior. Both synchronous and asynchronous memory tool implementations were affected.

Recommendations

Update to version 0.87.0 or later.
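The permission behaviour described above can be reproduced and audited with the following added example, which is not the SDK's code or its actual fix. The function names, the file names and the umask values 0o022 (standard) and 0o000 (permissive) are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

def create_default(path, data):
    """Before: open() requests mode 0o666, so the umask alone decides the final bits."""
    with open(path, "w") as f:
        f.write(data)

def create_private(path, data):
    """After: request 0o600 explicitly; O_EXCL refuses to reuse a pre-existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def audit(root):
    """Return {path: mode} for files under root that grant any access to group or other."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            m = mode_of(p)
            if m & 0o077:
                findings[p] = m
    return findings

def demo(umask):
    """Write one file each way under `umask`; return (default_mode, private_mode, flagged)."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            a = os.path.join(d, "default.md")   # constructed sample file names
            b = os.path.join(d, "private.md")
            create_default(a, "constructed agent note\n")
            create_private(b, "constructed agent note\n")
            flagged = sorted(os.path.basename(p) for p in audit(d))
            return mode_of(a), mode_of(b), flagged
    finally:
        os.umask(old)  # restore the process umask

if __name__ == "__main__":
    for u in (0o022, 0o000):
        d, p, flagged = demo(u)
        print(f"umask {u:03o}: default={d:03o} private={p:03o} flagged={flagged}")
```

`audit()` can be pointed at the directory where memory files are stored to list files that are still readable or writable by other users; that directory is deployment-specific.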

Exploit

Fix

Incorrect Permission

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2026-34450
GHSA-Q5F5-3GJM-7MFM

Affected Products

Claude Sdk For Python