criticalOther UnknownPublish anonymously

Microsoft Semantic Kernel RCE (CVE-2026-26030)

by Publish anonymously · 2 days agoviews 1en

PII protected

Personal information such as emails, phone numbers, IDs and access tokens are automatically masked before publication.

CVSS 9.9. Critical RCE in Microsoft Semantic Kernel Python SDK's InMemoryVectorStore filter functionality. Attackers execute arbitrary code through crafted filter expressions. Semantic Kernel powers many Microsoft Copilot integrations and RAG-based AI applications. Fixed in python-1.39.4.

External Source Attribution

This incident was imported from an external open database. Licensed under CC BY 4.0 or public domain. Original source details below.

Source: AI Incident Database (Open/Stanford License)

Awaiting official response

The official response from the AI provider for this incident.

Community Discussion

0

No comments yet. Start the discussion!

You must sign in to join the discussion.