CVE-2026-26030
Published 2026-02-19
Priority P270 · critical · 9.9 (CVSS 3.1)
AV:N · AC:L · PR:L · UI:N · S:C · C:H · I:H · A:H
EPSS: 2.91% (85.3th percentile)
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade to this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | semantic-kernel | < 1.39.4 | 1.39.4 |
| microsoft | semantic-kernel | >= 0 < 1.39.4 | 1.39.4 |
| microsoft | semantic_kernel | < 1.39.4 | 1.39.4 |
| msrc | microsoft_semantic_kernel_python_sdk | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability requires only low privileges (any authenticated user) and results in a scope change — flag anomalous process spawning from the Semantic Kernel Python SDK process as a high-priority indicator.
- CVE-2026-26030 is specifically within the InMemoryVectorStore filter functionality of the Semantic Kernel Python SDK; audit code paths that pass user-controlled input into InMemoryVectorStore filter parameters.
- CVE-2026-26030 was described alongside CVE-2026-25592 as part of a chain that can turn a prompt injection into host-level remote code execution; correlate both CVEs when investigating Semantic Kernel RCE incidents.
- The vulnerability only affects Semantic Kernel Python SDK versions prior to 1.39.4; the fixed version is python-1.39.4. Verify the installed package version before applying detection logic.
- The vulnerable component is InMemoryVectorStore; applications that do not expose InMemoryVectorStore filter functionality to untrusted network input are not directly exploitable via this path.
- Exploitation requires the application to expose filter string submission to untrusted users over the network; internal-only deployments with no untrusted input path have reduced exposure.
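A triage sketch for the version check and code-path audit listed above, added here as an example and not taken from the advisory or the Semantic Kernel project. The sample source and its `some_pkg.stores` module path are constructed; the script only locates references to `InMemoryVectorStore` (including import aliases) so the inputs reaching its filter parameters can be reviewed by hand.

```python
import ast
import re
from importlib import metadata

FIXED = (1, 39, 4)              # fixed release per the advisory (python-1.39.4)
TARGET = "InMemoryVectorStore"  # affected component named in the advisory
# Constructed sample; "some_pkg.stores" is a placeholder module path.
SAMPLE = '''\
from some_pkg.stores import InMemoryVectorStore as Store
def search(user_filter):
    store = Store()
    return store, user_filter
'''

def release_tuple(version):
    """Numeric release part of a version string; pre-release tags are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def is_vulnerable(version):
    return release_tuple(version) < FIXED

def installed_version(dist="semantic-kernel"):
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def find_references(source):
    """Sorted line numbers that import or reference TARGET (aliases included)."""
    tree, names, hits = ast.parse(source), {TARGET}, set()
    for node in ast.walk(tree):  # pass 1: imports and their aliases
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for a in node.names:
                if a.name.split(".")[-1] == TARGET:
                    names.add(a.asname or TARGET)
                    hits.add(node.lineno)
    for node in ast.walk(tree):  # pass 2: uses by name or attribute
        if (isinstance(node, ast.Name) and node.id in names) or (
                isinstance(node, ast.Attribute) and node.attr == TARGET):
            hits.add(node.lineno)
    return sorted(hits)

if __name__ == "__main__":
    v = installed_version()
    print("installed:", v, "| vulnerable:", bool(v) and is_vulnerable(v),
          "| lines to review:", find_references(SAMPLE))
```

Versions are compared numerically, so `1.9.0` is correctly treated as older than `1.39.4`.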
CVSS provenance
nvd · v3.1 · 9.9 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vendor_msrc · 9.9 CRITICAL
Microsoft
GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
vendor_msrc·2026-03-10·CVSS 9.9
CVE-2026-26030 [CRITICAL] CWE-749 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
Description: CVE-2026-26030 is a Remote Code Execution vulnerability that has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. GitHub created this CVE on their behalf. This document incorporates updates in the Microsoft Semantic Kernel Repository which address this vulnerability.
Please see CVE-2026-26030 for more information.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of t
GHSA
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
ghsa·2026-02-19
CVE-2026-26030 [CRITICAL] CWE-94 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
### Impact:
An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the `InMemoryVectorStore` filter functionality.
### Patches:
The problem has been fixed in [python-1.39.4](https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4). Users should upgrade to this version or higher.
### Workarounds:
Avoid using `InMemoryVectorStore` for production scenarios.
### References:
[Release python-1.39.4 · microsoft/semantic-kernel · GitHub](https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4)
[PR to block use of dangerous attribute names that must not be accessed in filter expressions](https://github.com/microsoft/se
OSV
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
osv·2026-02-19
CVE-2026-26030 [CRITICAL] Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
No detection rules found.
No public exploits indexed.
Hackernews
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
blogs_hackernews·2026-06-19
CVE-2026-26030 AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
## AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution.
Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a process on the host.
No credentials, no sign-in screen, and no further user interaction once the agent loads the page. The attacker only has to get the agent to open it, and a planted link, a URL field, or a prompt injection will do.
The flaw sits in AutoGen
Hackernews
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
blogs_hackernews·2026-05-29
CVE-2026-25592 ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
## ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks.
The technique has been codenamed ChatGPhish by Permiso Security.
"The chatgpt.com response renderer trusts Markdown links and Markdown image URLs that originated from a third-party page the assistant has just summarized. It auto-fetches those images and surfaces those links as live, clickable el
Sophos
March Patch Tuesday visits 15 product families
blogs_sophos·2026-03-13
Tenable
March 2026 Microsoft Patch Tuesday | Tenable®
blogs_tenable·2026-03-10·CVSS 8.8
CVE-2026-21262 [HIGH] March 2026 Microsoft Patch Tuesday | Tenable®
# Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Research Special Operations
March 10, 2026
4 Min Read
- 8 Critical
- 75 Important
- 0 Moderate
- 0 Low
Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.
Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub.
This month’s update includes patches for:
- .NET
- ASP.NET Core
- Active Directory Domain Services
- Azure Arc
- Azure Compute Gallery
- Azure Entra ID
- Azure IoT Explorer
- Azure Linux Virtual Machines
- Azure MCP Server
- Azure Portal Windows Admin Cen
Bleepingcomputer
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
blogs_bleepingcomputer·2026-03-10·CVSS 8.8
[HIGH] Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
## Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
## Lawrence Abrams
The number of bugs in each vulnerability category is listed below:
- 46 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 4 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include 9 Microsoft Edge flaws, Mariner, Payment Orchestrator Service, Azure, and Microsoft Devices Pricing Program flaws fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the
Wiz
CVE-2026-25592 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-25592 [CRITICAL] CVE-2026-25592 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25592: Semantic Kernel vulnerability analysis and mitigation
Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow listed.
Source: NVD
- Score: 9.9
- Published: February 6, 2026
- Severity: CRITICAL
- CNA Score: 9.9
- Affected Technologies: Semantic Kernel
- Has Public Exploit: No
Has CISA KEV Expl
Sophos
March Patch Tuesday visits 15 product families
blogs_sophos
Microsoft on Tuesday released 84 patches affecting 15 product families – including a few you’ve possibly never encountered. Eight of the addressed issues are considered by Microsoft to be of Critical severity, though none of those affect Windows, nor are they expected to be exploited within the next 30 days. In addition, five of those Critical issues were in fact addressed by Microsoft in advance of Patch Tuesday itself, as we’ll discuss below. Twenty-two have a CVSS base score of 8.0 or higher, including one with a 9.8 base score. None are known to be under active exploit in the wild, but two are publicly disclosed so far.
At patch time, six CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable
Wiz
CVE-2026-26030 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-26030 [CRITICAL] CVE-2026-26030 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26030: Semantic Kernel vulnerability analysis and mitigation
Source: NVD
- Score: 9.9
- Published: February 19, 2026
- Severity: CRITICAL
- CNA Score: 9.9
- Affected Technologies: Semantic Kernel
- Has Public Exploit: No
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 25.3
- Exploitation Probability (EPSS): 0.1
- Affected packages and libraries: semantic-kernel
- Sources: NVD
- pip · Severity: CRITICAL · Has Fix · Added at: Feb 20, 2026