RCE in Microsoft Kiota

CVE-2026-59866

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names a…

Vulnerability class: Path Traversal (Directory Traversal)

Affected products

Weakness classification (CWE)

References