When prompts become shells: RCE vulnerabilities in AI agent frameworks

In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...

Arbitrary File Write

Semantic Kernel is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths in the SessionsPythonPlugin, where attacker-controlled localFilePath arguments passed to DownloadFileAsync or UploadFileAsync can write files to arbitrary locations on the host...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

EUVD-2026-5582

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2026-25592

The CVE-2026-25592 entry affects Microsoft's Semantic Kernel .NET SDK, specifically the SessionsPythonPlugin, with an Arbitrary File Write vulnerability present prior to version 1.70.0. The issue allows writing files to arbitrary locations via the plugin, and the fixed version is Microsoft.Semant...

GHSA-2WW3-72RP-WPP4 Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

Microsoft Semantic Kernel 路径遍历漏洞

Microsoft Semantic Kernel is a large-scale model orchestration framework developed by Microsoft Corporation. Versions of Microsoft Semantic Kernel prior to 1.70.0 contained a path traversal vulnerability, which was caused by an arbitrary file writing vulnerability in the SessionsPythonPlugin...

PT-2026-6847

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

PT-2026-6792

Name of the Vulnerable Software and Affected Versions Microsoft Semantic Kernel .NET SDK versions prior to 1.71.0 Agent Framework version 1.0 Description An arbitrary file write issue exists within the SessionsPythonPlugin of the .NET SDK. This flaw can be chained with path traversal and insecure...