RCE in Microsoft Kiota

CVE-2026-59859

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, default fields, property names, and other schema-derived strings into PHP double-quoted literals through SanitizeDou…

Vulnerability class: RCE (Remote Code Execution)

Affected products

Weakness classification (CWE)

References