5 matches found

NVD
added 2026/04/16 1:16 a.m., 3 views

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVSS 7.1, EPSS 0.00414
Exploits: 1, References: 3

Snyk
added 2026/04/01 9:17 p.m., 3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: anthropic is the official Python library for the anthropic API. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via the validatepath function in the betabuiltinmemorytool.py file. An attacker can access files outside the intended...

CVSS 5.8, AI score 5.9, EPSS 0.00138
Exploits: 0, References: 3

Cvelist
added 2026/03/31 9:35 p.m., 22 views

CVE-2026-34451 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...

CVSS 6.3, EPSS 0.00292
Exploits: 0, References: 3

Positive Technologies
added 2026/03/31 12:0 a.m., 3 views

PT-2026-29380

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

CVSS 5.8, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 5

BDU FSTEC
added 2024/11/18 12:0 a.m., 3 views

The vulnerability of the Podman software for managing and starting OCI containers, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the Podman software for managing and starting OCI containers is related to an uncontrolled resource consumption in the /dev/shm directory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.7, AI score 7.4, EPSS 0.00514
Exploits: 0, References: 5, Affected Software: 3