14 matches found
CVE-2026-59862
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...
CVE-2026-59862
Kiota Python generator vulnerability (CVE-2026-59862): before version 1.32.0, attacker-controlled x-ms-enum.values[].description could flow into KiotaBuilder.SetEnumOptions and PythonConventionService.RemoveInvalidDescriptionCharacters without newline sanitization, enabling generated inline comme...
CVE-2026-59862 Kiota: Code Generation Literal Injection in the Python Generator
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...
EUVD-2026-44927
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...
Orval has Code Injection via unsanitized x-enum-descriptions using JS comments
CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...
CVE-2026-25141 Orval has a code injection via unsanitized x-enum-descriptions uing JS comments
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...
CVE-2026-25141
CVE-2026-25141 affects Orval (OpenAPI/Swagger codegen) where the jsStringEscape logic is insufficient to sanitize x-enumDescriptions, enabling potential arbitrary code execution via JSFuck-like payloads in generated clients. Affected range includes 7.19.0–7.20.x and 7.21.0 and 8.2.0 with an incom...
Arbitrary Command Injection
@orval/core is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper handling and escaping of untrusted OpenAPI specification data in the x-enumDescriptions field during enum generation, which allows an attacker to inject and execute arbitrary TypeScript or JavaScript co...
Exploit for CVE-2026-23947
Walkthrough: CVE-2026-23947 - Orval Arbitrary Code Execution...
Orval has a code injection via unsanitized x-enum-descriptions in enum generation
Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...
CVE-2026-23947 Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...
CVE-2026-23947 Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...
CVE-2026-23947
CVE-2026-23947 / CVE-2026-25141 affect Orval’s OpenAPI JS client generator. Vulnerable in versions prior to 7.21.0 (and 8.2.0) with incomplete/patchy fixes; an attacker can inject arbitrary code via x-enumDescriptions during const enum generation, leading to code execution in generated clients. T...
CVE-2026-23947 Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...