Symlink Vulnerability in Microsoft APM Dependency Manager
CVE-2026-45539

7.4 HIGH

Key Information:

Vendor

Microsoft

Status
Vendor
CVE Published:
15 May 2026

What is CVE-2026-45539?

Microsoft APM is an open-source dependency manager for AI agents. Versions 0.5.4 through 0.12.4 are vulnerable to symlink exploitation: the primitive integrators in apm-cli enumerate package files with bare Path.glob() and Path.rglob() calls and read each match with Path.read_text(). Both steps treat symbolic links transparently, so a symlink inside a remote APM dependency survives download and is dereferenced during integration, and the content of its resolved target is written into the project's deploy directories. Neither the package content_hash nor the pre-deploy SecurityGate scan detects the link. Because the affected files are not listed in the auto-generated .gitignore, they are staged by default. Version 0.13.0 fixes the issue.
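To make the mechanism concrete, here is an added example (not apm-cli's own code) of the naive enumerate-and-read pattern described above next to a hardened variant. It builds a constructed package in a temporary directory containing one legitimate file and one planted symlink pointing at a file outside the package, then runs both collectors on it. The function names collect_vulnerable, collect_hardened and demo, the ".md" file filter and the sample package layout are assumptions for illustration.

```python
import tempfile
from pathlib import Path


def collect_vulnerable(pkg_root: Path) -> dict[str, str]:
    """Naive integrator pattern (hypothetical, modelled on the advisory text).

    rglob() lists symlink entries like any other directory entry, and both
    is_file() and read_text() follow the link, so a link planted in the
    package is read from wherever it points on the integrating host.
    """
    out: dict[str, str] = {}
    for p in pkg_root.rglob("*.md"):
        if p.is_file():
            out[p.relative_to(pkg_root).as_posix()] = p.read_text()
    return out


def collect_hardened(pkg_root: Path) -> tuple[dict[str, str], list[str]]:
    """Hardened variant: refuse symlinks outright, and additionally refuse
    anything whose resolved path escapes the package root (this catches a
    regular file reached through a symlinked parent directory, which an
    is_symlink() check on the leaf alone would miss).
    """
    root = pkg_root.resolve()
    out: dict[str, str] = {}
    rejected: list[str] = []
    for p in pkg_root.rglob("*.md"):
        rel = p.relative_to(pkg_root).as_posix()
        if p.is_symlink() or not p.resolve().is_relative_to(root):
            rejected.append(rel)
            continue
        if p.is_file():
            out[rel] = p.read_text()
    return out, rejected


def demo() -> tuple[dict[str, str], dict[str, str], list[str]]:
    """Build a constructed package and run both collectors on it.

    Returns (vulnerable_result, hardened_result, hardened_rejections).
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        # Something sensitive on the integrating machine (constructed sample).
        secret = base / "home" / ".env"
        secret.parent.mkdir()
        secret.write_text("API_KEY=constructed-example\n")

        # The "downloaded" dependency: one real file plus a planted symlink
        # whose name matches the integrator's filter.
        pkg = base / "dep"
        (pkg / ".apm").mkdir(parents=True)
        (pkg / "README.md").write_text("# legitimate package file\n")
        (pkg / ".apm" / "context.md").symlink_to(secret)

        vuln = collect_vulnerable(pkg)
        safe, rejected = collect_hardened(pkg)
    return vuln, safe, rejected


if __name__ == "__main__":
    vuln, safe, rejected = demo()
    print("vulnerable integrator read:  ", sorted(vuln))
    print("hardened integrator read:    ", sorted(safe))
    print("hardened integrator rejected:", rejected)
```

The vulnerable collector returns the contents of the outside file under the package-relative name ".apm/context.md", which is exactly what ends up in a deploy directory in the scenario above; the hardened collector reports that entry as rejected and reads only the regular file. Both checks in the hardened version matter: is_symlink() covers the planted link itself, and the resolve()-based containment check covers a regular file reached through a symlinked directory.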

Affected Version(s)

apm >= 0.5.4, < 0.13.0

References

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published: 15 May 2026

  • Vulnerability reserved