CVE-2026-46383— Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46383
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Source: NVD (National Vulnerability Database)
Vulnerability Description
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install <bundle> on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a legacy --format apm bundle. On Python versions earlier than 3.12, that probe extracts untrusted tar members with raw tar.extractall() without rejecting Windows absolute member names such as D:/.... This vulnerability is fixed in 0.13.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-46383
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46383
请登录查看更多情报信息。
- https://github.com/microsoft/apm/security/advisories/GHSA-mq5j-pw29-jcv3x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-46383
Same Patch Batch · microsoft · 2026-05-15 · 3 CVEs total
| CVE-2026-45539 | 7.4 HIGH | Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during ` |
| CVE-2026-44641 | 7.1 HIGH | Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host file |
IV. Related Vulnerabilities
Same vendor: microsoft
- CVE-2026-45539
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agen - CVE-2026-44641
Microsoft APM: plugin.json component paths escape plugin roo - CVE-2026-41615
Microsoft Authenticator Information Disclosure Vulnerability - CVE-2026-42897
Microsoft Exchange Server Spoofing Vulnerability - CVE-2026-44503
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Author
Same weakness: CWE-22
- CVE-2026-8802
opensourcepos Open Source Point of Sale Items.php getPicThum - CVE-2026-8770
continuedev continue JSON-RPC Server lsTool.ts lsTool path t - CVE-2026-8765
Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bu - CVE-2026-8757
adenhq hive Delete Request routes_sessions.py _read_events_t - CVE-2026-8756
fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_con
V. Comments for CVE-2026-46383
No comments yet