CVE-2026-44641

Name of the Vulnerable Software and Affected Versions Microsoft APM versions prior to 0.8.12

Description Microsoft APM normalizes marketplace plugins by copying components referenced in plugin.json into the .apm/ directory. The implementation fails to verify that the paths specified in the agents, skills, commands, and hooks manifest fields remain within the plugin directory. This allows a malicious plugin to use absolute paths or ../ traversal paths to copy arbitrary readable host files or directories from the installer's machine during the apm install process. This results in a local supply-chain trust-boundary violation, potentially allowing sensitive host-local content to be staged into repository-controlled paths or automatically integrated into the victim project, such as within .github/prompts/.

Recommendations Update to version 0.8.12.