Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (GitHub_M) · only source for this CVE.
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota plugin add and kiota plugin generate (with -t APIPlugin) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests without path validation, allowing ../, absolute, rooted, UNC, Windows drive, or URI paths in response_semantics.static_template.file to cause path traversal or out-of-package file inclusion when the generated plugin was deployed. This issue is fixed in version 1.32.5.
AnalysisAI
Path traversal in Microsoft Kiota before 1.32.5 lets an attacker-controlled OpenAPI description inject unvalidated static_template.file values (via the x-ai-adaptive-card and x-ai-capabilities extensions) into generated Microsoft 365 Copilot and Teams plugin manifests, so a developer who runs kiota plugin add or kiota plugin generate -t APIPlugin against a malicious spec produces a manifest that resolves files outside its package when deployed. Rated CVSS 4.0 9.3 (Critical) with high confidentiality/integrity/availability impact and no privileges required. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, inventory all Kiota installations across development and production environments and identify which versions require patching. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Path traversal and code injection in Microsoft Kiota before 1.32.5 lets an attacker-controlled OpenAPI description write
Command injection in Microsoft Kiota before 1.32.5 lets a malicious or compromised OpenAPI description dictate the insta
{...}, $var, or {$obj->prop} are emitted verbatim inside PHP double-quoted literals and interpolated as code when the ge
{}//') demonstrating the break-out.
Code injection in Microsoft Kiota's Python client generator (versions prior to 1.32.0) allows an attacker who controls a
{expr}, #$var, or #@var markers are treated as live Ruby interpolation inside generated model classes. There is no publi
Code injection in Microsoft Kiota versions prior to 1.31.1 allows attackers who control or tamper with OpenAPI descripti
Build-time SSRF, remote file inclusion, and local file inclusion in Microsoft Kiota before 1.32.5 lets an attacker-contr
Arbitrary file write via path traversal in Microsoft Kiota (OpenAPI HTTP client/plugin code generator) before 1.32.5 all
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44935