RCE in Microsoft Kiota

CVE-2026-59860

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C# XML documentation-comment sink (the description, externalDocs label, and externalDocs link fiel…

Vulnerability class: RCE (Remote Code Execution)

Affected products

Weakness classification (CWE)

References