12 matches found
Microsoft Semantic Kernel Code Injection Vulnerability
Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...
Exploit for CVE-2026-26030
Microsoft Semantic Kernel BPassed to VectorStore query/filte...
Arbitrary Code Injection
Overview semantic-kernel is a Semantic Kernel Python SDK Affected versions of this package are vulnerable to Arbitrary Code Injection via the InMemoryVectorStore filter functionality due to lack of filtering for dangerous dunder attributes. An attacker can escape the sandbox and execute arbitrary...
GHSA-XJW9-4GW8-4RQX Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...
PYSEC-2026-163
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
PYSEC-2026-163
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
Microsoft Semantic Kernel 代码注入漏洞
Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...
PT-2026-20868
Name of the Vulnerable Software and Affected Versions Semantic Kernel Python SDK versions prior to 1.39.4 Description A remote code execution issue exists within the InMemoryVectorStore filter functionality. The flaw occurs in the InMemoryCollection. parse and validate filter function, where a...