microsoft/kiota-java

Releases83

Frequency2 weeks 1 day

Last Release 15 days ago

Stars39

Java libraries for Kiota-generated API clients.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-44503 ↗	May 14, 2026Thursday, 14 May 2026, 16:16	—	—
The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie, Proxy-Authorization, and all custom headers are forwarded to the redirect target.