PT-2026-60492 · Microsoft · Kiota

CVE-2026-59867

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote http(s) URLs and reading local absolute or out-of-tree file paths, allowing kiota generate on an attacker-controlled or attacker-influenced description to perform build-time SSRF, remote file inclusion, and local file inclusion by inlining external schemas such as REMOTE KIOTA PROP or Leaked into generated clients. This issue is fixed in version 1.32.5 by AllowedExternalOriginsStreamLoader and the --allowed-external-origins option.

Fix

Path traversal

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59867

Affected Products

Kiota