2 matches found
CVE-2026-45539
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink...
CVE-2026-45539
Microsoft APM (APM CLI) vulnerability affects versions 0.5.4–0.12.4 where two primitive integrators enumerate package files via Path.glob/Path.rglob and read matches with Path.read_text(), following symbolic links. A symlink inside a remote APM dependency under .apm/prompts/ or .apm/agents/ is pr...