Agents
Microsoft Discloses Two CVSS 10.0 Semantic Kernel RCE Vulnerabilities: Prompt Injection Escalates to Sandbox Escape and Arbitrary Code Execution
Microsoft's Security Blog detailed CVE-2026-25592 (.NET SDK) and CVE-2026-26030 (Python SDK), both CVSS 10.0 sandbox-escape vulnerabilities in Semantic Kernel. The .NET flaw abuses an accidentally-exposed DownloadFileAsync KernelFunction with no path validation. The Python flaw exploits an f-string filter expression in In-Memory Vector Store that bypasses the blocklist via __class__.__bases__[0].__subclasses__() traversal to achieve os.system-equivalent RCE. Patches: .NET SDK 1.71.0, Python SDK 1.39.4.
↳ Follow the thread