EXECUTIVE SUMMARY:
CVE-2026-45539, with a CVSS score of 7.4, is a vulnerability in Microsoft APM, an open-source dependency manager for AI agents. The vulnerability arises when primitive integrators in apm-cli enumerate package files and transparently follow symbolic links, dereferencing them and writing the resolved content to the project's deploy directories. An attacker can exploit this vulnerability by committing a symlink to a remote APM dependency under .apm/prompts/ or .apm/agents/; the symlink is preserved and dereferenced during integration, allowing the attacker to read and write files in the project tree. This would grant the attacker the capability to read and write sensitive information, potentially leading to information disclosure and unauthorized access to the project. The business impact and consequences of exploitation could be significant, including data breaches, unauthorized access to sensitive information, and compromised project integrity. This vulnerability requires network access and no special privileges, and user interaction is required to exploit it.
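The summary above describes the failure mode (an integrator enumerating a dependency's .apm/prompts/ and .apm/agents/ directories and following symlinks out of the package root) and implies the fix: treat every symlink as untrusted and copy only regular files whose resolved path stays inside the package. The following is an added illustration, not apm-cli's own code; the function names, the directory layout beyond the two subdirectories named on the page, and the throwaway package built by build_demo_tree() are all assumptions constructed for the example.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Subdirectories of a dependency that the advisory names as integration inputs.
PRIMITIVE_SUBDIRS = ("prompts", "agents")


def enumerate_package_files(package_root, subdirs=PRIMITIVE_SUBDIRS):
    """Enumerate primitive files under <package_root>/.apm/<subdir>/ without
    ever following a symbolic link.

    Returns (accepted, rejected): accepted holds package-relative paths of
    regular files reached only through real directories; rejected holds
    (package-relative path, reason) for every entry that was skipped.
    """
    root = Path(package_root).resolve()
    accepted, rejected = [], []
    for sub in subdirs:
        base = root / ".apm" / sub
        if not base.is_dir():
            continue
        # followlinks=False stops os.walk descending into symlinked directories;
        # pruning dirnames additionally records them as rejected entries.
        for dirpath, dirnames, filenames in os.walk(base, followlinks=False):
            for d in list(dirnames):
                entry = Path(dirpath) / d
                if entry.is_symlink():
                    rejected.append((str(entry.relative_to(root)), "symlinked directory"))
                    dirnames.remove(d)
            for f in filenames:
                entry = Path(dirpath) / f
                rel = str(entry.relative_to(root))
                if entry.is_symlink():
                    # Covers both file symlinks and dangling links.
                    rejected.append((rel, "symlink"))
                    continue
                # Defence in depth: the canonical path must still be inside the package.
                try:
                    entry.resolve(strict=True).relative_to(root)
                except (ValueError, OSError):
                    rejected.append((rel, "resolves outside package root"))
                    continue
                accepted.append(rel)
    return sorted(accepted), sorted(rejected)


def integrate(package_root, deploy_root, subdirs=PRIMITIVE_SUBDIRS):
    """Copy accepted primitives into <deploy_root>/<subdir>/... by content.

    Only paths returned as accepted are written, so a symlink committed to the
    dependency can neither be dereferenced for reading nor recreated in the
    deploy tree. Returns (written deploy-relative paths, rejected entries).
    """
    accepted, rejected = enumerate_package_files(package_root, subdirs)
    root = Path(package_root).resolve()
    written = []
    for rel in accepted:
        src = root / rel
        # rel is ".apm/<subdir>/<name>"; deploy as "<deploy_root>/<subdir>/<name>".
        dest = Path(deploy_root) / Path(*Path(rel).parts[1:])
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(src, dest)
        written.append(str(dest.relative_to(deploy_root)))
    return sorted(written), rejected


def build_demo_tree():
    """Construct a throwaway package (demo fixture, not a real dependency) with
    one legitimate prompt, one file symlink pointing outside the package and
    one directory symlink pointing at the package's parent."""
    tmp = Path(tempfile.mkdtemp())
    outside = tmp / "outside_secret.txt"
    outside.write_text("not part of the package\n")
    pkg = tmp / "pkg"
    (pkg / ".apm" / "prompts").mkdir(parents=True)
    (pkg / ".apm" / "agents").mkdir(parents=True)
    (pkg / ".apm" / "prompts" / "hello.prompt.md").write_text("# legit prompt\n")
    (pkg / ".apm" / "prompts" / "leak.prompt.md").symlink_to(outside)
    (pkg / ".apm" / "agents" / "escape").symlink_to(tmp)
    return tmp, pkg


if __name__ == "__main__":
    tmp, pkg = build_demo_tree()
    written, rejected = integrate(str(pkg), str(tmp / "deploy"))
    print("written:", written)
    print("rejected:", rejected)
```

The check is done twice on purpose: `is_symlink()` catches the entry itself, and `resolve(strict=True).relative_to(root)` catches anything whose canonical location still ends up outside the package. Rejected entries are returned rather than silently dropped so an integrator can log them, which is the signal a defender would want to alert on when a dependency starts shipping symlinks.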
RECOMMENDATION:
We strongly recommend you update Microsoft APM to a fixed release from: https://github.com/microsoft/apm/releases
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-q5pp-gvjg-h7v4