CVE-2026-25592
published 2026-02-06


Priority: P266
CVSS 3.1: 9.9 (critical), vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.95% (77.7th percentile)
Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow-listed.
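An added illustration of the filter mitigation described above (example code, not from the advisory or the Semantic Kernel project): a function invocation filter that rejects DownloadFileAsync / UploadFileAsync calls whose localFilePath resolves outside one allow-listed directory. It assumes the plugin's methods are registered under their method names (with or without the "Async" suffix) and that the argument key matches the parameter name localFilePath.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;

// Rejects DownloadFileAsync / UploadFileAsync invocations whose localFilePath
// resolves outside a single allow-listed directory. All other functions pass through.
public sealed class LocalFilePathAllowListFilter : IFunctionInvocationFilter
{
    private readonly string _allowedRoot;

    public LocalFilePathAllowListFilter(string allowedRoot)
    {
        // Canonicalise once; the trailing separator stops "/data" matching "/data-evil".
        _allowedRoot = Path.GetFullPath(allowedRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;
    }

    public async Task OnFunctionInvocationAsync(
        FunctionInvocationContext context,
        Func<FunctionInvocationContext, Task> next)
    {
        // Assumption: the plugin's methods are exposed under their method names,
        // possibly with the "Async" suffix stripped by the kernel.
        string name = context.Function.Name;
        bool isFileTransfer = name is "DownloadFileAsync" or "UploadFileAsync"
                              or "DownloadFile" or "UploadFile";

        if (isFileTransfer
            && context.Arguments.TryGetValue("localFilePath", out object? value)
            && value is string localFilePath
            && !string.IsNullOrWhiteSpace(localFilePath))
        {
            // GetFullPath collapses ".." and resolves relative paths against the
            // allowed root, so traversal sequences are normalised before the check.
            string resolved = Path.GetFullPath(localFilePath, _allowedRoot);

            // Ordinal comparison fails closed: anything not under the root is rejected.
            if (!resolved.StartsWith(_allowedRoot, StringComparison.Ordinal))
            {
                throw new KernelException(
                    $"Blocked {name}: localFilePath '{localFilePath}' resolves to " +
                    $"'{resolved}', outside '{_allowedRoot}'.");
            }
        }

        await next(context);
    }
}
```

Register it with kernel.FunctionInvocationFilters.Add(new LocalFilePathAllowListFilter("/srv/agent-files")) (assumed directory); the filter throws rather than silently rewriting the path, so a blocked call surfaces as an error that can be logged and alerted on.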

Affected (2 ranges)

Vendor     Product          Version range       Fixed in
microsoft  semantic-kernel  < 1.71.0            1.71.0
microsoft  semantic-kernel  >= 0, < 1.39.3      1.39.3

Detection & IOCs (extracted from sources)

  • Monitor calls to DownloadFileAsync and UploadFileAsync in the Semantic Kernel SessionsPythonPlugin for suspicious or unexpected localFilePath arguments that traverse outside expected directories (e.g., path traversal sequences)
  • Flag usage of Microsoft.SemanticKernel.Core versions prior to 1.71.0 (NuGet) and semantic-kernel pip package versions prior to the Feb 08 2026 fix as vulnerable to arbitrary file write via SessionsPythonPlugin
  • The vulnerability is specifically within the SessionsPythonPlugin component of the Semantic Kernel .NET SDK; only deployments using this plugin are affected
  • Both the NuGet package (Microsoft.SemanticKernel.Core) and the pip package (semantic-kernel) are affected; fixes were added to both on Feb 08, 2026