CVE-2026-45539
Microsoft APM (APM CLI) vulnerability affects versions 0.5.4–0.12.4 where two primitive integrators enumerate package files via Path.glob/Path.rglob and read matches with Path.read_text(), following symbolic links. A symlink inside a remote APM dependency under .apm/prompts/ or .apm/agents/ is pr...