CVE-2026-44641: Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM norma
Summary
Microsoft APM is a tool that manages dependencies (external code libraries) for AI agents. Before version 0.8.12, it had a path traversal vulnerability (a security flaw where an attacker can access files outside the intended directory) that allowed malicious plugins to copy arbitrary files from a user's computer during installation by using absolute paths or '../' sequences to escape the plugin directory.
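The containment check that this class of bug calls for, as an added example: it is not APM's code or its actual fix, and the function names, directory layout and manifest entries are hypothetical. It goes one step beyond the summary by also rejecting a symlink inside the plugin that points outside it.

```python
import os
import tempfile
from pathlib import Path


class UnsafePluginPath(ValueError):
    """A manifest entry would read from outside the plugin directory."""


def naive_source(plugin_root, declared):
    # Unsafe pattern: join and normalise with no containment check.
    # os.path.join drops plugin_root entirely when `declared` is absolute.
    return Path(os.path.normpath(os.path.join(plugin_root, declared)))


def safe_source(plugin_root, declared):
    """Return the real path for `declared`, or raise if it leaves plugin_root."""
    root = Path(plugin_root).resolve(strict=True)
    if Path(declared).is_absolute():
        raise UnsafePluginPath(f"absolute path: {declared!r}")
    # resolve() collapses '..' and follows symlinks, so the comparison is
    # made on the file that would actually be copied.
    target = (root / declared).resolve()
    if target != root and root not in target.parents:
        raise UnsafePluginPath(f"escapes plugin directory: {declared!r}")
    return target


def check_constructed_manifest():
    """Run constructed manifest entries through safe_source; return verdicts."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "plugin"
        (plugin / "skills").mkdir(parents=True)
        (plugin / "skills" / "a.md").write_text("plugin content")
        outside = Path(tmp) / "outside.txt"  # stands in for a user file
        outside.write_text("not part of the plugin")
        os.symlink(outside, plugin / "skills" / "link.md")
        entries = {  # constructed sample entries
            "relative": "skills/a.md",
            "dotdot": "skills/../../outside.txt",
            "absolute": str(outside),
            "symlink": "skills/link.md",
        }
        for label, declared in entries.items():
            try:
                safe_source(plugin, declared)
                verdicts[label] = "allowed"
            except UnsafePluginPath:
                verdicts[label] = "rejected"
    return verdicts
```

The check is made on the resolved path rather than on the declared string, so string-level filters for `../` are not relied on.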
Solution / Mitigation
This vulnerability is fixed in version 0.8.12. Users should update Microsoft APM to 0.8.12 or later.
Vulnerability Details
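CVSS 3.1 base score: 7.1 (high)
EPSS: 0.0%
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack vector: local
Attack complexity: low
Privileges required: none
User interaction: required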
May 15, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44641
First tracked: May 15, 2026 at 02:11 PM
Classified by LLM (prompt v3) · confidence: 95%