CVE-2026-41686: CWE-732: Incorrect Permission Assignment for Critical Resource in anthropics anthropic-sdk-typescript
The Claude SDK for TypeScript versions from 0.79.0 up to but not including 0.91.1 had a vulnerability where memory files and directories were created with overly permissive default permissions. This allowed local attackers on shared hosts to read sensitive persisted agent state and, in containerized environments with permissive umasks, to modify these files potentially influencing model behavior. The issue was addressed in version 0.91.1.
AI Analysis
Technical Summary
CVE-2026-41686 is an incorrect permission assignment vulnerability (CWE-732) in the anthropic-sdk-typescript package. Specifically, the BetaLocalFilesystemMemoryTool created files with default Node.js modes (0o666 for files and 0o777 for directories), which are world-readable and potentially world-writable depending on the environment's umask. This improper permission setting could expose sensitive data or allow modification of memory files by local attackers on shared hosts or containerized deployments. The vulnerability affects versions >= 0.79.0 and < 0.91.1 and was patched in version 0.91.1.
Potential Impact
Local attackers on shared hosting environments could read sensitive persisted agent state due to world-readable file permissions. In containerized deployments with permissive umasks, attackers could modify memory files, potentially influencing subsequent model behavior. There is no indication of remote exploitation or broader impact beyond local or containerized environments.
Mitigation Recommendations
Upgrade the anthropic-sdk-typescript package to version 0.91.1 or later, where the issue has been patched. Since the vulnerability is fixed in this version, no additional mitigation steps are required.
CVE-2026-41686: CWE-732: Incorrect Permission Assignment for Critical Resource in anthropics anthropic-sdk-typescript
Description
The Claude SDK for TypeScript versions from 0.79.0 up to but not including 0.91.1 had a vulnerability where memory files and directories were created with overly permissive default permissions. This allowed local attackers on shared hosts to read sensitive persisted agent state and, in containerized environments with permissive umasks, to modify these files potentially influencing model behavior. The issue was addressed in version 0.91.1.
CVSS v4.0
Score 4.8medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41686 is an incorrect permission assignment vulnerability (CWE-732) in the anthropic-sdk-typescript package. Specifically, the BetaLocalFilesystemMemoryTool created files with default Node.js modes (0o666 for files and 0o777 for directories), which are world-readable and potentially world-writable depending on the environment's umask. This improper permission setting could expose sensitive data or allow modification of memory files by local attackers on shared hosts or containerized deployments. The vulnerability affects versions >= 0.79.0 and < 0.91.1 and was patched in version 0.91.1.
Potential Impact
Local attackers on shared hosting environments could read sensitive persisted agent state due to world-readable file permissions. In containerized deployments with permissive umasks, attackers could modify memory files, potentially influencing subsequent model behavior. There is no indication of remote exploitation or broader impact beyond local or containerized environments.
Mitigation Recommendations
Upgrade the anthropic-sdk-typescript package to version 0.91.1 or later, where the issue has been patched. Since the vulnerability is fixed in this version, no additional mitigation steps are required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-22T03:53:24.406Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f8eaaecbff5d8610415ae9
Added to database: 5/4/2026, 6:51:26 PM
Last enriched: 5/12/2026, 6:24:16 AM
Last updated: 6/18/2026, 11:40:20 AM
Views: 69
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.