High severity7.1GHSA Advisory· Published May 15, 2026· Updated May 15, 2026

CVE-2026-44641

Description

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A malicious plugin can therefore use absolute paths or ../ traversal paths to copy arbitrary readable host files or directories from the installer's machine during apm install. This vulnerability is fixed in 0.8.12.

Affected products

Microsoft/ApmGHSA
Range: <= 0.8.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xhrw-5qxx-jpwrghsaADVISORY
github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwrnvd
nvd.nist.gov/vuln/detail/CVE-2026-44641ghsa

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000