CVE-2026-46383: Arbitrary File Overwrite via Path Traversal (TarSlip) in Microsoft APM

DEV Community·CVE Reports·17 days ago
Vulnerability ID: CVE-2026-46383
CVSS Score: 5.5
Published: 2026-05-15

A path traversal vulnerability exists in the legacy-bundle probing logic of Microsoft APM, an open-source dependency manager for AI agents. On Windows systems using Python versions prior to 3.12, this allows local attackers to overwrite arbitrary files via a crafted tarball.

TL;DR

Microsoft APM < 0.13.0 on Windows is vulnerable to an arbitrary file overwrite during archive extraction. Exploitation requires user interaction to install a crafted tarball.…
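A pre-extraction check for the class of bug described above, as an added example (not code from Microsoft APM or its fix). It reads each tar member name with Windows path rules via `PureWindowsPath`, so backslash separators and drive letters are caught on any OS. The function names, the sample archive and the strict "no `..` component" policy are assumptions made for illustration.

```python
import io
import tarfile
from pathlib import PureWindowsPath


def escapes_root(name: str) -> bool:
    """True if `name`, read with Windows path rules, can leave the extraction root."""
    p = PureWindowsPath(name)  # treats both '/' and '\\' as separators
    # Drive letters, UNC shares and rooted paths ignore the destination directory.
    if p.drive or p.root:
        return True
    # Strict policy (assumption): any parent-directory component is refused.
    return ".." in p.parts


def unsafe_members(tar: tarfile.TarFile) -> list:
    """Names of members that must not be extracted."""
    bad = []
    for m in tar.getmembers():
        if escapes_root(m.name):
            bad.append(m.name)
        elif (m.issym() or m.islnk()) and escapes_root(m.linkname):
            bad.append(m.name)  # link whose target points outside the root
        elif not (m.isfile() or m.isdir() or m.issym() or m.islnk()):
            bad.append(m.name)  # devices and FIFOs are never expected in a bundle
    return bad


def build_sample() -> bytes:
    """Constructed archive: one benign member and five that should be refused."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("bundle/agent.md", "../up.txt", "..\\..\\outside.txt",
                     "C:\\Temp\\x.txt", "bundle/sub/..\\..\\..\\y.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("bundle/link")
        link.type, link.linkname = tarfile.SYMTYPE, "..\\..\\target"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    with tarfile.open(fileobj=io.BytesIO(build_sample())) as tar:
        flagged = unsafe_members(tar)
    print("refuse extraction:" if flagged else "ok", flagged)
```

Run the check over the whole archive and refuse it if anything is flagged, before any member is written to disk.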
