GHSA-2HX3-VP6R-MG3F

Vulnerability from github – Published: 2026-04-14 23:39 – Updated: 2026-04-14 23:39
VLAI?
Summary
Kiota: Code Generation Literal Injection
Details

Code Generation Literal Injection in Kiota

Summary

Kiota versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission).

When malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients.

Impact and Preconditions

This issue is only practically exploitable when:

  1. the OpenAPI description used for generation is from an untrusted source, or
  2. a normally trusted OpenAPI description has been compromised/tampered with.

If you only generate from trusted, integrity-protected API descriptions, risk is significantly reduced.

Affected Versions

  • Affected: all versions < 1.31.1
  • Fixed: 1.31.1 and later

Illustrative Exploit Example

Example OpenAPI fragment (malicious default value)

openapi: 3.0.1
info:
  title: Exploit Demo
  version: 1.0.0
components:
  schemas:
    User:
      type: object
      properties:
        displayName:
          type: string
          default: "\"; throw new System.Exception(\"injected\"); //"

Example generated C# snippet before fix (illustrative)

public User() {
    DisplayName = ""; throw new System.Exception("injected"); //";
}

The injected payload escapes the intended string context and introduces attacker-controlled statements in generated code.

Note: this exploit is not limited to default values, but may also impact properties names (serialization), path or query parameters, enum representations and other locations.

Remediation

  1. Upgrade Kiota to 1.31.1 or later.
  2. Regenerate/refresh existing generated clients as a precaution:
kiota update

Refreshing generated clients ensures previously generated vulnerable code is replaced with hardened output.

Acknowledgement

We would like to thank the researcher Thanatos Tian (Polyu) for finding this issue and for his contribution to this open source project.

Severity ?
7.3 (High)
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "kiota"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.31.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T23:39:41Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "# Code Generation Literal Injection in Kiota\n\n## Summary\n\nKiota versions **prior to 1.31.1** are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission).\n\nWhen malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients.\n\n## Impact and Preconditions\n\nThis issue is only practically exploitable when:\n\n1. the OpenAPI description used for generation is from an **untrusted source**, or\n2. a normally trusted OpenAPI description has been **compromised/tampered with**.\n\nIf you only generate from trusted, integrity-protected API descriptions, risk is significantly reduced.\n\n## Affected Versions\n\n- **Affected:** all versions **\u003c 1.31.1**\n- **Fixed:** **1.31.1** and later\n\n## Illustrative Exploit Example\n\n### Example OpenAPI fragment (malicious default value)\n\n```yaml\nopenapi: 3.0.1\ninfo:\n  title: Exploit Demo\n  version: 1.0.0\ncomponents:\n  schemas:\n    User:\n      type: object\n      properties:\n        displayName:\n          type: string\n          default: \"\\\"; throw new System.Exception(\\\"injected\\\"); //\"\n```\n\n### Example generated C# snippet before fix (illustrative)\n\n```csharp\npublic User() {\n    DisplayName = \"\"; throw new System.Exception(\"injected\"); //\";\n}\n```\n\nThe injected payload escapes the intended string context and introduces attacker-controlled statements in generated code.\n\n\u003e Note: this exploit is not limited to default values, but may also impact properties names (serialization), path or query parameters, enum representations and other locations.\n\n## Remediation\n\n1. Upgrade Kiota to **1.31.1 or later**.\n2. Regenerate/refresh existing generated clients as a precaution:\n\n```bash\nkiota update\n```\n\nRefreshing generated clients ensures previously generated vulnerable code is replaced with hardened output.\n\n## Acknowledgement\n\nWe would like to thank the researcher Thanatos Tian (Polyu) for finding this issue and for his contribution to this open source project.",
  "id": "GHSA-2hx3-vp6r-mg3f",
  "modified": "2026-04-14T23:39:41Z",
  "published": "2026-04-14T23:39:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/kiota/security/advisories/GHSA-2hx3-vp6r-mg3f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/microsoft/kiota"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Kiota: Code Generation Literal Injection"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.