PT-2026-35681 · Erlichliu · Claude Agent Sdk

Brucejin · Published 2026-04-28 · Updated 2026-04-28 · CVE-2026-7235

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ErlichLiu claude-agent-sdk-master versions up to b185aa7ff0d864581257008077b4010fca1747bf

Description

A path traversal issue exists in the 'app/api/agent-output/route.ts' file. A remote attacker can exploit this by manipulating the outputFile argument, allowing unauthorized access to files or directories outside the intended folder.

Recommendations

As a temporary workaround, restrict access to the 'app/api/agent-output/route.ts' endpoint or avoid using the outputFile argument until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
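
One way to confine a caller-supplied outputFile value to a single directory, shown as an added example rather than code from this advisory or from the affected project. OUTPUT_ROOT and resolveOutputFile are hypothetical names, and the directory path is a placeholder because the advisory does not state the real one.

```typescript
import * as path from "node:path";

// Hypothetical base directory (assumption; not taken from the advisory).
const OUTPUT_ROOT = path.resolve("/srv/agent-outputs");

interface Resolved { ok: boolean; fullPath?: string; reason?: string }

// Resolve an untrusted outputFile value and accept it only if the result
// is a path strictly inside `root`. This is a lexical check: if symlinks can
// exist under the root, also compare fs.realpathSync() of the result.
function resolveOutputFile(outputFile: unknown, root: string = OUTPUT_ROOT): Resolved {
  if (typeof outputFile !== "string" || outputFile.length === 0) {
    return { ok: false, reason: "missing" };
  }
  if (outputFile.includes("\0")) {
    return { ok: false, reason: "nul-byte" };
  }
  // Reject POSIX and Windows style absolute paths outright.
  if (path.isAbsolute(outputFile) || path.win32.isAbsolute(outputFile)) {
    return { ok: false, reason: "absolute" };
  }
  // Treat backslashes as separators so "..\\.." cannot slip through on POSIX.
  const candidate = path.resolve(root, outputFile.replace(/\\/g, "/"));
  // path.relative avoids the prefix bug where "/srv/agent-outputs-evil"
  // passes a naive candidate.startsWith(root) test.
  const rel = path.relative(root, candidate);
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) {
    // rel === "" is the root itself, which is not a file to serve.
    return { ok: false, reason: "outside-root" };
  }
  return { ok: true, fullPath: candidate };
}

// Constructed sample inputs, for illustration only.
for (const sample of ["run1/out.txt", "../../etc/passwd", "../agent-outputs-evil/x"]) {
  console.log(JSON.stringify(sample), resolveOutputFile(sample));
}
```

A route handler would call this before any file read and return an error response when ok is false.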

Exploit

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-7235

Affected Products

Claude Agent Sdk