CVE-2026-59866 Kiota: Arbitrary file write + code-injection via x-ms-kiota-info clientClassName and clientNamespaceName
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names and generated output path components when kiota generate ra...