Intel

AIKIDO-2026-53015

@microsoft/kiota is vulnerable to Path Traversal

Path TraversalCVE-2026-59863 Published 3 days ago

70

High Risk

This Affects:

JS@microsoft/kiota
0.0.1 - 1.32.4
Fixed in 1.32.5
Are you affected? Scan for Free

TL;DR

Kiota honors the per-client and per-plugin outputPath values in a committed .kiota/workspace.json without confining them to the workspace. A malicious repository or pull request can set outputPath to an absolute or traversal path so that running the documented client or plugin generate command writes the generated files outside the workspace. This yields arbitrary file write on the developer or CI host filesystem. The fix validates each outputPath as a relative subdirectory of the workspace and aborts generation when a resolved path escapes it.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and you run kiota client generate or kiota plugin generate against a .kiota/workspace.json from an untrusted repository or pull request.

Background info

@microsoft/kiota is vulnerable to Path Traversal in versions 0.0.1 - 1.32.4.

How to fix this

Upgrade the @microsoft/kiota library to the patch version.