Path Traversal in Microsoft Kiota

CVE-2026-59863

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and ki…

Vulnerability class: Path Traversal (Directory Traversal)

Affected products

Weakness classification (CWE)

References