CVE-2026-46383: Arbitrary File Overwrite via Path Traversal (TarSlip) in Microsoft APM
Vulnerability ID: CVE-2026-46383
CVSS Score: 5.5
Published: 2026-05-15
A path traversal vulnerability exists in the legacy-bundle probing logic of Microsoft APM, an open-source dependency manager for AI agents. On Windows systems using Python versions prior to 3.12, this allows local attackers to overwrite arbitrary files via a crafted tarball.
TL;DR
Microsoft APM < 0.13.0 on Windows is vulnerable to an arbitrary file overwrite during archive extraction. Exploitation requires user interaction to install a crafted tarball.
⚠️ Exploit Status: POC
Technical Details
- CVE ID: CVE-2026-46383
- CWE ID: CWE-22
- CVSS Score: 5.5
- Attack Vector: Local (User Interaction Required)
- Impact: High Integrity (Arbitrary File Overwrite)
- Exploit Status: Proof of Concept
- CISA KEV: Not Listed
Affected Systems
- Microsoft APM on Windows environments using Python < 3.12
- microsoft/apm: < 0.13.0 (fixed in 0.13.0)
Code Analysis
Commit: 77d1dda
Fix path traversal in legacy-bundle probe extraction
Mitigation Strategies
- Upgrade the software dependency
- Upgrade the Python runtime environment
- Implement strict source validation for installed bundles
- Enforce least privilege execution
Remediation Steps:
- Identify all deployments of microsoft/apm currently in use.
- Update the package to version 0.13.0 or later using the appropriate package manager.
- Ensure the host system is running Python 3.12 or later so that tarfile's native extraction filters are available. On 3.12 and 3.13 the filter still has to be requested explicitly (extractall(..., filter="data")); the "data" filter only becomes the default in Python 3.14.
- Audit the filesystem for unexpectedly modified files if untrusted bundles were installed prior to patching.
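As an added illustration for this write-up (this is not microsoft/apm's own legacy-bundle probe code, which the page does not show), the following Python builds a constructed tarball containing a member named ../../outside.txt, shows the unfiltered extractall() pattern writing that member two directories above the extraction root, and shows the per-member path check an extractor needs on interpreters that lack tarfile's extraction filters, using filter="data" as a second layer where it exists. The archive contents, paths and function names are assumptions made for the demo.

```python
"""Added example for this write-up: a TarSlip (CWE-22) tarball, the
unfiltered extraction pattern that falls for it, and a hardened extractor.
This is illustrative code, not microsoft/apm's own legacy-bundle probe;
the member names and payloads are constructed for the demo."""
import io
import os
import tarfile
import tempfile


def build_tarslip_bundle() -> bytes:
    """Construct an in-memory .tar.gz with a benign member and one whose
    name climbs out of the extraction directory (constructed demo data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in (
            ("bundle/manifest.json", b'{"name": "demo-bundle"}\n'),
            ("../../outside.txt", b"overwritten\n"),  # the traversal member
        ):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def runtime_has_extraction_filters() -> bool:
    """True when tarfile ships the PEP 706 extraction filters (Python 3.12+;
    also present in the security backports of some 3.8-3.11 releases)."""
    return hasattr(tarfile, "data_filter")


def escaping_members(tar_bytes: bytes, dest: str) -> list:
    """Names of members whose resolved target (or link target) lies outside
    dest. This is the check an extractor must do by hand without filters."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                bad.append(m.name)
                continue
            if m.issym() or m.islnk():
                # symlink targets resolve relative to the member's directory,
                # hard-link targets relative to the archive root
                base = os.path.dirname(target) if m.issym() else root
                link = os.path.realpath(os.path.join(base, m.linkname))
                if os.path.commonpath([root, link]) != root:
                    bad.append(m.name)
    return bad


def vulnerable_extract(tar_bytes: bytes, dest: str) -> None:
    """The pre-fix pattern: extractall() with no path checks. On 3.12+ the
    legacy behaviour is filter='fully_trusted' (still the default until
    3.14), so it is requested explicitly to reproduce the old code path."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        if runtime_has_extraction_filters():
            tar.extractall(dest, filter="fully_trusted")
        else:
            tar.extractall(dest)


def safe_extract(tar_bytes: bytes, dest: str) -> list:
    """Hardened extraction: reject the whole archive before writing anything
    if any member escapes dest, then extract with the stdlib 'data' filter
    where available (it additionally strips setuid bits, absolute symlinks
    and device nodes). Returns the extracted member names."""
    bad = escaping_members(tar_bytes, dest)
    if bad:
        raise ValueError("refusing archive with unsafe members: %r" % bad)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        if runtime_has_extraction_filters():
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


def demo() -> dict:
    """Run both extractors on the constructed bundle in scratch directories
    and report whether a file landed two levels above the extraction root."""
    tar_bytes = build_tarslip_bundle()
    out = {"filters_available": runtime_has_extraction_filters()}
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "vuln", "root")  # ../../ resolves to scratch
        os.makedirs(dest)
        out["escaping"] = escaping_members(tar_bytes, dest)
        vulnerable_extract(tar_bytes, dest)
        out["vuln_wrote_outside"] = os.path.isfile(os.path.join(scratch, "outside.txt"))
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "safe", "root")
        os.makedirs(dest)
        try:
            safe_extract(tar_bytes, dest)
            out["safe_blocked"] = False
        except ValueError:
            out["safe_blocked"] = True
        out["safe_wrote_outside"] = os.path.isfile(os.path.join(scratch, "outside.txt"))
    return out


if __name__ == "__main__":
    print(demo())
```

Running demo() on an interpreter without extraction filters reproduces the page's affected configuration: the vulnerable path writes outside.txt into the scratch directory's root, while safe_extract() refuses the archive before touching the filesystem. The realpath plus commonpath comparison is what matters on pre-3.12 runtimes; string prefix checks on the raw member name miss absolute paths, symlink chains and drive-letter forms on Windows.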
References
Read the full report for CVE-2026-46383 on our website for more details including interactive diagrams and full exploit analysis.