Vulnerability  ·  2026-07-17

Kiota Code Generator — Plugin Manifest Injection Enables Malicious Microsoft 365 Copilot/Teams Plugins

VulnerabilityHigh impactGlobalCVE-2026-59864
Kiota, Microsoft's OpenAPI-based code/plugin generator, failed to sanitize custom AI-extension fields from OpenAPI specifications before embedding them into generated Microsoft 365 Copilot and Teams plugin manifest files.
A poisoned OpenAPI spec ingested via Kiota could inject malicious content directly into AI plugin manifests distributed to Microsoft 365 Copilot users, representing a supply-chain path from third-party API definitions into the enterprise Copilot plugin ecosystem.
The `kiota plugin add`/`kiota plugin generate` commands (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilities OpenAPI extensions directly into generated Microsoft 365 Copilot and Teams plugin manifests without sanitization, allowing a malicious OpenAPI spec to inject content into the generated AI plugin package.
Microsoft Kiota prior to 1.32.5
Upgrade to Kiota 1.32.5 or later.
CVE Record CVE-2026-59864
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →