{"id":"CVE-2026-44641","summary":"Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install","details":"Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A malicious plugin can therefore use absolute paths or ../ traversal paths to copy arbitrary readable host files or directories from the installer's machine during apm install. This vulnerability is fixed in 0.8.12.","aliases":["GHSA-xhrw-5qxx-jpwr"],"modified":"2026-07-08T08:13:29.509578443Z","published":"2026-05-15T16:00:23.198Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44641.json","cwe_ids":["CWE-22","CWE-73"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44641.json"},{"type":"ADVISORY","url":"https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44641"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/microsoft/apm","events":[{"introduced":"0"},{"fixed":"0d2093de4fb941bfd403b388f58b51d8df192efe"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.8.12"}]}}],"versions":["v0.8.11","v0.8.10","v0.8.9","v0.8.8","v0.8.7","v0.8.6","v0.8.5","v0.8.4","v0.8.3","v0.8.2","v0.8.1","v0.8.0","v0.7.9","v0.7.8","v0.7.7","v0.7.6","v0.7.5","v0.7.4","v0.7.3","v0.7.2","v0.7.1","v0.7.0","v0.6.1","v0.5.9","v0.5.8","v0.5.7","v0.5.6","v0.5.5","v0.5.3","v0.5.2","v0.5.1","v0.4.3","v0.4.2","v0.4.1","v0.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44641.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}