40 matches found
MAL-2026-4760 Malicious code in nvidia-nat-semantic-kernel (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd31ef3bb7acb152519e55b43037368e8dfc21d444050bec7739778c4ce73381 The wheel's METADATA declares a hard dependency Requires-Dist: ruamel-yaml-clibz==0.3.5. The legitimate upstream is ruamel.yaml.clib with dots...
Malicious code in nvidia-nat-semantic-kernel (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd31ef3bb7acb152519e55b43037368e8dfc21d444050bec7739778c4ce73381 The wheel's METADATA declares a hard dependency Requires-Dist: ruamel-yaml-clibz==0.3.5. The legitimate upstream is ruamel.yaml.clib with dots...
When prompts become shells: RCE vulnerabilities in AI agent frameworks
In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...
When prompts become shells: RCE vulnerabilities in AI agent frameworks
In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...
K000160730: Microsoft semantic kernel Python SDK vulnerability CVE-2026-26030
Security Advisory Description Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade...
KLA90920 Multiple vulnerabilities in Microsoft Open Source Software
Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerabilitycan be exploited remotely to execu...
Microsoft Semantic Kernel Code Injection Vulnerability
Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...
Exploit for CVE-2026-26030
Microsoft Semantic Kernel BPassed to VectorStore query/filte...
CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
Arbitrary Code Injection
Overview semantic-kernel is a Semantic Kernel Python SDK Affected versions of this package are vulnerable to Arbitrary Code Injection via the InMemoryVectorStore filter functionality due to lack of filtering for dangerous dunder attributes. An attacker can escape the sandbox and execute arbitrary...
agentic-kernel (>=0.1.0 <=0.1.10), agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428) +12 more potentially affected by CVE-2026-26030 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)
semantic-kernel PYPI version =0.2.9.dev0, =0.1.0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.0, =1.0.3 Source cves: CVE-2026-26030 Source advisory: OSV:GHSA-XJW9-4GW8-4RQX...
GHSA-XJW9-4GW8-4RQX Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...
agentic-kernel (>=0.1.0 <=0.1.10), agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428) +7 more potentially affected by CVE-2026-26030 via semantic-kernel (>=1.0.0rc1 <=1.35.3)
semantic-kernel PYPI version =1.0.0rc1, =0.1.0, =1.0.0, =1.1.0, =0.1.1, =0.1.0, =0.2.0, =1.2.0, =0.0.1, =1.0.0, =1.0.3 Source cves: CVE-2026-26030 Source advisory: SNYK:PYTHON-SEMANTICKERNEL-15323118...
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...
PYSEC-2026-163
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
PYSEC-2026-163
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...
CVE-2026-26030
Summary of CVE-2026-26030 : The issue affects Microsoft’s Semantic Kernel Python SDK, specifically the InMemoryVectorStore filter functionality. Versions prior to 1.39.4 are vulnerable to remote code execution. The vulnerability is mitigated by upgrading to python-1.39.4 or higher; as a workaroun...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...