{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7235", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-27T17:05:37.684Z", "datePublished": "2026-04-28T06:30:15.507Z", "dateUpdated": "2026-04-28T14:33:44.662Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-28T06:30:15.507Z"}, "title": "ErlichLiu claude-agent-sdk-master route.ts path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "ErlichLiu", "product": "claude-agent-sdk-master", "versions": [{"version": "b185aa7ff0d864581257008077b4010fca1747bf", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-27T19:10:42.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "BruceJin (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359844", "name": "VDB-359844 | ErlichLiu claude-agent-sdk-master route.ts path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359844/cti", "name": "VDB-359844 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/802828", "name": "Submit #802828 | ErlichLiu claude-agent-sdk-master Commit b185aa7ff0d864581257008077b4010fca1747bf Path Traversal", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ErlichLiu/claude-agent-sdk-master/issues/5", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/ErlichLiu/claude-agent-sdk-master/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T14:06:55.495412Z", "id": "CVE-2026-7235", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:33:44.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7235", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T14:06:55.495412Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:07:01.355Z"}}], "cna": {"title": "ErlichLiu claude-agent-sdk-master route.ts path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "BruceJin (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "ErlichLiu", "product": "claude-agent-sdk-master", "versions": [{"status": "affected", "version": "b185aa7ff0d864581257008077b4010fca1747bf"}]}], "timeline": [{"lang": "en", "time": "2026-04-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-27T19:10:42.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359844", "name": "VDB-359844 | ErlichLiu claude-agent-sdk-master route.ts path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359844/cti", "name": "VDB-359844 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/802828", "name": "Submit #802828 | ErlichLiu claude-agent-sdk-master Commit b185aa7ff0d864581257008077b4010fca1747bf Path Traversal", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ErlichLiu/claude-agent-sdk-master/issues/5", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/ErlichLiu/claude-agent-sdk-master/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-28T06:30:15.507Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7235", "state": "PUBLISHED", "dateUpdated": "2026-04-28T14:33:44.662Z", "dateReserved": "2026-04-27T17:05:37.684Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-28T06:30:15.507Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-7235", "lastModified": "2026-04-28T20:31:00.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-28T08:16:02.467", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/ErlichLiu/claude-agent-sdk-master/"}, {"source": "cna@vuldb.com", "url": "https://github.com/ErlichLiu/claude-agent-sdk-master/issues/5"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/802828"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359844"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359844/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "b185aa7ff0d864581257008077b4010fca1747bf"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "claude-agent-sdk-master", "source": "cna", "vendor": "ErlichLiu"}, "product": "claude-agent-sdk-master", "vendor": "erlichliu"}], "analysis": {"en": {"generated_at": "2026-04-28T19:28:29.327897+00:00", "value": {"mitigation_remediation": ["Update to the latest version of claude-agent-sdk-master once the repository author releases a patch resolving the path traversal issue.", "If a patch is not yet available, restrict the outputFile parameter by validating against a whitelist of allowed directories and rejecting any requests containing directory traversal sequences such as \"..\".", "Limit access to the agent\u2011output API endpoint at the network or firewall level so that only trusted IP addresses or internal networks can reach it until a fix is deployed."], "summary": {"action": "Apply Patch", "impact": "Path Traversal"}, "threat_synthesis": {"affected_systems": "The affected product is ErlichLiu's claude-agent-sdk-master. No precise version information is available beyond a commit identifier (b185aa7ff0d864581257008077b4010fca1747bf); however, any release prior to a discovered fix is potentially vulnerable due to the repository's rolling\u2011release model. Users should therefore treat all current releases as at risk until an update is issued.", "description_and_impact": "The vulnerability in ErlichLiu claude-agent-sdk-master allows an attacker to manipulate the outputFile argument in the route located at app/api/agent-output/route.ts, resulting in path traversal. This flaw can lead to unauthorized reading or writing of arbitrary files on the server, exposing sensitive configuration or source code files. The weakness is identified as CWE-22, indicating improper validation of file paths.", "risk_and_exploitability": "The CVSS score of 6.9 reflects a moderate severity, and the EPSS score is not available, meaning current exploit probability data are unknown. The attack may be initiated remotely, as stated in the description. Based on the description, it is inferred that no authentication is required to manipulate the outputFile parameter, allowing path traversal. Because the exploit has already been publicly disclosed, the risk of exploitation is tangible if no mitigation is applied."}}}}, "created": "2026-04-28T09:16:10.633957+00:00", "updated": "2026-04-28T19:30:27.391499+00:00", "vendors": ["erlichliu", "erlichliu$PRODUCT$claude-agent-sdk-master"]}