Lucene search
K

42 matches found

CVE
CVE
added 2026/02/19 4:0 p.m.54 views

CVE-2026-26030

Summary of CVE-2026-26030 : The issue affects Microsoft’s Semantic Kernel Python SDK, specifically the InMemoryVectorStore filter functionality. Versions prior to 1.39.4 are vulnerable to remote code execution. The vulnerability is mitigated by upgrading to python-1.39.4 or higher; as a workaroun...

9.9CVSS6.3AI score0.02914EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/02/19 4:0 p.m.24 views

CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS0.02914EPSS
Exploits2References3
OSV
OSV
added 2026/02/19 4:0 p.m.5 views

CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS6.4AI score0.02914EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20868

Name of the Vulnerable Software and Affected Versions Semantic Kernel Python SDK versions prior to 1.39.4 Description A remote code execution issue exists within the InMemoryVectorStore filter functionality. Recommendations Update to version 1.39.4 or higher. As a temporary workaround, avoid usin...

9.9CVSS6.5AI score0.02914EPSS
Exploits2References64
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

Microsoft Semantic Kernel 代码注入漏洞

Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...

9.9CVSS6.1AI score0.02914EPSS
Exploits2References3
Veracode
Veracode
added 2026/02/09 8:4 a.m.7 views

Arbitrary File Write

Semantic Kernel is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths in the SessionsPythonPlugin, where attacker-controlled localFilePath arguments passed to DownloadFileAsync or UploadFileAsync can write files to arbitrary locations on the host...

9.9CVSS5.7AI score0.0195EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS5.4AI score0.0195EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/06 10:10 p.m.5 views

Directory Traversal

Overview semantic-kernel is a Semantic Kernel Python SDK Affected versions of this package are vulnerable to Directory Traversal via the SessionsPythonPlugin process. An attacker can write arbitrary files to the filesystem by supplying crafted arguments to the DownloadFileAsync or UploadFileAsync...

9.9CVSS6.5AI score0.0195EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/06 10:10 p.m.5 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), aiqtoolkit-semantic-kernel (>=1.1.0 <=1.2.0rc4) +4 more potentially affected by CVE-2026-25592 via semantic-kernel (>=1.0.0rc1 <=1.35.3)

semantic-kernel PYPI version =1.0.0rc1, =1.0.0, =1.1.0, =0.1.1, =0.2.0, =1.2.0, =0.0.1, =0.0.4 Source cves: CVE-2026-25592 Source advisory: SNYK:PYTHON-SEMANTICKERNEL-15248428...

9.9CVSS5.4AI score0.0195EPSS
Exploits0
NVD
NVD
added 2026/02/06 9:16 p.m.9 views

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS0.0195EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 8:38 p.m.7 views

EUVD-2026-5582

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS5.3AI score0.0195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:38 p.m.5 views

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS5.3AI score0.0195EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 8:38 p.m.4 views

CVE-2026-25592 Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS5.4AI score0.0195EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 8:38 p.m.105 views

CVE-2026-25592

The CVE-2026-25592 entry affects Microsoft's Semantic Kernel .NET SDK, specifically the SessionsPythonPlugin, with an Arbitrary File Write vulnerability present prior to version 1.70.0. The issue allows writing files to arbitrary locations via the plugin, and the fixed version is Microsoft.Semant...

9.9CVSS5.4AI score0.0195EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 8:38 p.m.8 views

CVE-2026-25592 Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS5.4AI score0.0195EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/06 8:38 p.m.31 views

CVE-2026-25592 Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

9.9CVSS0.0195EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/02/06 6:37 p.m.4 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-25592 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-25592 Source advisory: OSV:GHSA-2WW3-72RP-WPP4...

9.9CVSS5.4AI score0.0195EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/06 6:37 p.m.35 views

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

9.9CVSS5.5AI score0.0195EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/02/06 6:37 p.m.4 views

GHSA-2WW3-72RP-WPP4 Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

9.9CVSS5.5AI score0.0195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6792

Name of the Vulnerable Software and Affected Versions Semantic Kernel .NET SDK versions prior to 1.71.0 Agent Framework version 1.0 Description An arbitrary file write issue exists in the .NET SDK, specifically within the SessionsPythonPlugin. This flaw allows for path traversal, which can be...

9.9CVSS6.3AI score0.0195EPSS
Exploits0References61
Rows per page
Query Builder