Intel

AIKIDO-2026-696230

Microsoft.OpenApi.Kiota is vulnerable to Path Traversal

Path TraversalGHSA-p5rm-jg5c-8c77 Published Today

67

Medium Risk

This Affects:

DOTNETMicrosoft.OpenApi.Kiota
1.15.0 - 1.33.0
Fixed in 1.34.0
Are you affected? Scan for Free

TL;DR

A path traversal vulnerability allowed attacker-controlled consumer identifiers (and related file reference/config keys) to escape the intended .kiota/documents namespace, enabling overwriting another consumer’s cached OpenAPI description. The fix adds strict validation of consumer identifiers/extensions, canonicalizes paths with GetFullPath, performs containment checks to prevent escaping the documents directory, and hardens file-reference parsing against percent-encoding/double-encoding, control chars (including NUL), and Unicode normalization bypasses.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

Microsoft.OpenApi.Kiota is vulnerable to Path Traversal in versions 1.15.0 - 1.33.0.

How to fix this

Upgrade the Microsoft.OpenApi.Kiota library to the patch version.