CVE-2026-46383

MEDIUM 5.5

Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install <bundle> on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a legacy --format apm bundle. On Python versions earlier than 3.12, that probe extracts untrusted tar members with raw tar.extractall() without rejecting Windows absolute member names such as D:/.... This vulnerability is fixed in 0.13.0.

CWE	CWE-22 CWE-73
Vendor	microsoft
Product	apm
Ecosystems	Windows .NET Azure
Industries	TechnologyEnterprise
Published	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for microsoft apm

Be the first to know when new medium vulnerabilities affecting microsoft apm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

microsoft / apm

< 0.13.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/microsoft/apm/security/advisories/GHSA-mq5j-pw29-jcv3