Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-59862

HIGH NVD
CVSS Score 7.5
Severity HIGH
Published Jul 16, 2026
Vendor unknown

Description

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values[].description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and PythonConventionService.RemoveInvalidDescriptionCharacters without newline sanitization, allowing generated inline comments to split and execute attacker-controlled Python code at module scope when generated modules were imported. This issue is fixed in version 1.32.0.

References