PT-2026-60489 · Microsoft · Kiota
CVE-2026-59864
·
Published
2026-07-16
·
Updated
2026-07-16
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5,
kiota plugin add and kiota plugin generate (with -t APIPlugin) emitted attacker-controlled static template.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests without path validation, allowing ../, absolute, rooted, UNC, Windows drive, or URI paths in response semantics.static template.file to cause path traversal or out-of-package file inclusion when the generated plugin was deployed. This issue is fixed in version 1.32.5.Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kiota