{"data":{"id":"b51cd036-9968-47b9-8fa8-5a5fe981530b","title":"CVE-2026-44641: Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM norma","summary":"Microsoft APM is a tool that manages dependencies (external code libraries) for AI agents. Before version 0.8.12, it had a path traversal vulnerability (a security flaw where an attacker can access files outside the intended directory) that allowed malicious plugins to copy arbitrary files from a user's computer during installation by using absolute paths or '../' sequences to escape the plugin directory.","solution":"This vulnerability is fixed in version 0.8.12. Users should update Microsoft APM to 0.8.12 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44641","publishedAt":"2026-05-15T17:16:47.633Z","cveId":"CVE-2026-44641","cweIds":["CWE-22","CWE-73"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft APM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-15T17:16:47.633Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}