Lucene search
+L

14 matches found

nvd
nvd
added yesterday4 views

CVE-2026-59862

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...

7.5CVSS
Exploits0References2
cve
cve
added yesterday8 views

CVE-2026-59862

Kiota Python generator vulnerability (CVE-2026-59862): before version 1.32.0, attacker-controlled x-ms-enum.values[].description could flow into KiotaBuilder.SetEnumOptions and PythonConventionService.RemoveInvalidDescriptionCharacters without newline sanitization, enabling generated inline comme...

7.5CVSS6.2AI score
Exploits0References2
cvelist
cvelist
added yesterday15 views

CVE-2026-59862 Kiota: Code Generation Literal Injection in the Python Generator

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...

7.5CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44927

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...

7.5CVSS6.2AI score
Exploits0References2
github
github
added 2026/01/30 9:17 p.m.13 views

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

9.8CVSS6AI score0.0075EPSS
Exploits1References7Affected Software1
cvelist
cvelist
added 2026/01/30 8:19 p.m.23 views

CVE-2026-25141 Orval has a code injection via unsanitized x-enum-descriptions uing JS comments

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

9.3CVSS0.00603EPSS
Exploits0References5
cve
cve
added 2026/01/30 8:19 p.m.41 views

CVE-2026-25141

CVE-2026-25141 affects Orval (OpenAPI/Swagger codegen) where the jsStringEscape logic is insufficient to sanitize x-enumDescriptions, enabling potential arbitrary code execution via JSFuck-like payloads in generated clients. Affected range includes 7.19.0–7.20.x and 7.21.0 and 8.2.0 with an incom...

9.8CVSS6.2AI score0.00603EPSS
Exploits0References5Affected Software1
veracode
veracode
added 2026/01/27 10:2 a.m.7 views

Arbitrary Command Injection

@orval/core is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper handling and escaping of untrusted OpenAPI specification data in the x-enumDescriptions field during enum generation, which allows an attacker to inject and execute arbitrary TypeScript or JavaScript co...

9.8CVSS6.1AI score0.0075EPSS
Exploits1References5Affected Software1
githubexploit
githubexploit
added 2026/01/21 7:48 a.m.234 views

Exploit for CVE-2026-23947

Walkthrough: CVE-2026-23947 - Orval Arbitrary Code Execution...

9.3CVSS5.9AI score0.0075EPSS
Exploits1
github
github
added 2026/01/21 1:1 a.m.12 views

Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

9.8CVSS6.3AI score0.0075EPSS
Exploits1References6Affected Software1
vulnrichment
vulnrichment
added 2026/01/20 12:19 a.m.2 views

CVE-2026-23947 Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...

9.3CVSS6.3AI score0.0075EPSS
Exploits1References2
cvelist
cvelist
added 2026/01/20 12:19 a.m.22 views

CVE-2026-23947 Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...

9.3CVSS0.0075EPSS
Exploits1References2
cve
cve
added 2026/01/20 12:19 a.m.46 views

CVE-2026-23947

CVE-2026-23947 / CVE-2026-25141 affect Orval’s OpenAPI JS client generator. Vulnerable in versions prior to 7.21.0 (and 8.2.0) with incomplete/patchy fixes; an attacker can inject arbitrary code via x-enumDescriptions during const enum generation, leading to code execution in generated clients. T...

9.8CVSS6.3AI score0.0075EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/01/20 12:19 a.m.5 views

CVE-2026-23947 Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...

9.3CVSS6.4AI score0.0075EPSS
Exploits1References4
Rows per page
Query Builder