CVE-2026-46383: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in microsoft apm
CVE-2026-46383 is a medium-severity path traversal vulnerability in Microsoft APM versions prior to 0.13.0. It affects the Windows-specific archive extraction logic used during the installation of legacy bundles on Python 3.10 and 3.11. The vulnerability arises because the legacy bundle probe extracts untrusted tar archive members using raw tar.extractall() without properly validating absolute Windows paths, allowing potential unauthorized file writes. This issue is fixed in version 0.13.0.
AI Analysis (machine-generated threat intelligence)
Technical Summary
Microsoft APM, a dependency manager for AI agents, contained a path traversal vulnerability (CWE-22) in versions before 0.13.0. Specifically, when the 'apm install' command processes a local .tar.gz file not recognized as a plugin-format bundle, it attempts to identify if it is a legacy-format bundle. On Python 3.10 and 3.11, the legacy bundle probe extracts archive members using tar.extractall() without rejecting absolute Windows paths (e.g., D:/...), which can lead to files being written outside the intended directory. This vulnerability does not affect Python 3.12 or later, and it is resolved by updating to APM version 0.13.0.
Potential Impact
The vulnerability allows an attacker who can supply a crafted local .tar.gz archive to cause the extraction process to write files to arbitrary locations on the filesystem due to improper path validation. This can lead to unauthorized modification of files (integrity impact) but does not directly affect confidentiality or availability. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Upgrade Microsoft APM to version 0.13.0 or later, where this path traversal vulnerability is fixed. Since no official patch link or advisory is provided, verify the installed version before use. Until upgraded, avoid passing untrusted local .tar.gz bundles to 'apm install' on affected versions running Python runtimes prior to 3.12. Patch status is not explicitly confirmed beyond the fix in version 0.13.0; check vendor sources for the latest remediation guidance.
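The check the legacy bundle probe was missing, as an added example that is not APM's own code: every member of a local .tar.gz is audited for absolute POSIX or Windows paths (drive letters such as D:/, UNC prefixes) and parent-directory components before anything is written, and tarfile's built-in data filter is enabled where the runtime provides it. The archive-building helper and the file names in it are constructed fixtures, not a real bundle.

```python
import io
import ntpath
import posixpath
import re
import tarfile

# Drive-letter prefix such as D:/ or D:\ ; posixpath.isabs() never flags it.
_WIN_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")

def unsafe_reason(name):
    """Return why a member path could land outside the extraction root, else None."""
    if posixpath.isabs(name) or ntpath.isabs(name) or _WIN_DRIVE.match(name):
        return "absolute path"
    if ".." in name.replace("\\", "/").split("/"):
        return "parent-directory component"
    return None

def audit_archive(data):
    """Map every rejected member of a .tar.gz byte string to the reason it was rejected."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            reason = unsafe_reason(member.name)
            # Link targets are honoured on extraction too, so they get the same check.
            if reason is None and (member.issym() or member.islnk()):
                reason = unsafe_reason(member.linkname)
            if reason is not None:
                findings[member.name] = reason
    return findings

def safe_extractall(data, dest):
    """Refuse the whole archive if any member fails the audit; otherwise extract it."""
    findings = audit_archive(data)
    if findings:
        raise ValueError(f"refusing to extract unsafe members: {findings}")
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        # Python 3.12+ (and patched 3.10/3.11 builds) can enforce this inside extractall() too.
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **opts)
        return tar.getnames()

def build_sample_tar(names):
    """Constructed fixture: each name becomes a 5-byte regular file, not a real bundle."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 5
            tar.addfile(info, io.BytesIO(b"hello"))
    return buf.getvalue()
```

Note that os.path.isabs() alone is not enough on a POSIX host, which is why the Windows check goes through ntpath and the drive-letter pattern regardless of the platform the probe runs on.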
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-13T19:53:47.922Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a074b98ec166c07b06a98f8
Added to database: 5/15/2026, 4:36:40 PM
Last enriched: 5/15/2026, 4:52:07 PM
Last updated: 5/15/2026, 6:01:53 PM