Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
SSRF fetch gives AV:N with no auth to the tool (PR:N), but a developer must run generation on a malicious spec (UI:R); LFI yields C:H while schema inlining gives only I:L and no availability impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote http(s) URLs and reading local absolute or out-of-tree file paths, allowing kiota generate on an attacker-controlled or attacker-influenced description to perform build-time SSRF, remote file inclusion, and local file inclusion by inlining external schemas such as REMOTE_KIOTA_PROP or Leaked into generated clients. This issue is fixed in version 1.32.5 by AllowedExternalOriginsStreamLoader and the --allowed-external-origins option.
AnalysisAI
Build-time SSRF, remote file inclusion, and local file inclusion in Microsoft Kiota before 1.32.5 lets an attacker-controlled OpenAPI description force the kiota generate command to fetch arbitrary remote http(s) URLs and read local absolute or out-of-tree file paths while resolving $ref values. Because Kiota inlined those external schemas into generated clients, an attacker could exfiltrate internal endpoints or leak local file contents (e.g. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a victim to run a Kiota generation command (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N, base 7.1) captures the real profile: network-reachable side effects (SSRF/RFI) and high confidentiality impact from local file inclusion, but gated by user interaction - a developer must actually run `kiota generate` against a malicious or attacker-influenced description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A developer generates a client from an OpenAPI description supplied by a third party (or whose $ref values an attacker can influence), running `kiota generate` in a CI pipeline with internal network access. During reference resolution, Kiota fetches an attacker-specified internal URL (SSRF) or reads a local file such as a credentials or config file, then inlines that content into the generated client, exposing or exfiltrating it. … |
| Remediation | Vendor-released patch: upgrade Microsoft Kiota to 1.32.5 or later, where external references are blocked by default via AllowedExternalOriginsStreamLoader. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all Kiota installations across development teams and CI/CD pipelines (focus on versions before 1.32.5) and restrict OpenAPI specification sources to cryptographically-verified, internally-controlled repositories only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Path traversal and code injection in Microsoft Kiota before 1.32.5 lets an attacker-controlled OpenAPI description write
Path traversal in Microsoft Kiota before 1.32.5 lets an attacker-controlled OpenAPI description inject unvalidated `stat
Command injection in Microsoft Kiota before 1.32.5 lets a malicious or compromised OpenAPI description dictate the insta
{...}, $var, or {$obj->prop} are emitted verbatim inside PHP double-quoted literals and interpolated as code when the ge
{}//') demonstrating the break-out.
Code injection in Microsoft Kiota's Python client generator (versions prior to 1.32.0) allows an attacker who controls a
{expr}, #$var, or #@var markers are treated as live Ruby interpolation inside generated model classes. There is no publi
Code injection in Microsoft Kiota versions prior to 1.31.1 allows attackers who control or tamper with OpenAPI descripti
Arbitrary file write via path traversal in Microsoft Kiota (OpenAPI HTTP client/plugin code generator) before 1.32.5 all
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44937