47 matches found
CVE-2026-49336
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
CVE-2026-49336
The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...
CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
PT-2026-51008
Name of the Vulnerable Software and Affected Versions: @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101. Description: The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...
CVE-2026-44503
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
EUVD-2026-30323
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503
CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...
Kiota Java Libraries Input Validation Error Vulnerability
Kiota Java Libraries is an open-source collection of Java libraries developed by Microsoft for generating OpenAPI SDKs. Version 1.9.0 of Kiota Java Libraries contains a vulnerability related to input validation errors. This vulnerability arises from the RedirectHandler middleware, which fails to...
Open Redirect
Overview: microsoft-kiota-http is a Python HTTP implementation using the HTTPX library. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a...
GHSA-7J59-V9QR-6FQ9 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
Summary: The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...
adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +103 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=0.4.4 <=1.9.2)
microsoft-kiota-http PYPI version =0.4.4, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =2.4.2, =2.4.2, =3.0.1, =0.1.1, =0.2.0 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...
Open Redirect
Overview: @microsoft/kiota-http-fetchlibrary is an implementation using the Fetch API to make requests. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and AP...
ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +133 more potentially affected by CVE-2026-44503 via com.microsoft.kiota:microsoft-kiota-abstractions (>=0.1.2 <=1.9.0)
com.microsoft.kiota:microsoft-kiota-abstractions MAVEN version =0.1.2, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.23 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...
adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +97 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=1.10.2 <=1.9.2)
microsoft-kiota-http PYPI version =1.10.2, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =3.0.1, =3.0.1, =0.1.1, =0.2.1, =0.1.0, =2.0.0 and more Source cves: CVE-2026-44503 Source advisory: SNYK:PYTHON-MICROSOFTKIOTAHTTP-16699940...
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
Summary: The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...