CVE-2026-26030 - Vulnerability Details

- Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Description

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

Published: 2026-02-19

Score: 10 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Semantic Kernel, Microsoft’s Python SDK, contains a flaw in the InMemoryVectorStore filter function that permits arbitrary code execution. The vulnerability is triggered when malicious input is used to craft a filter, which the store processes and evaluates, leading to execution of attacker-supplied code. The weakness corresponds to code injection as described by CWE-94.

Affected Systems

All installations of Microsoft Semantic Kernel Python SDK versions preceding 1.39.4 are affected. The issue exists in the InMemoryVectorStore component of the SDK. Upgrading to version 1.39.4 or later eliminates the problem.

Risk and Exploitability

The vulnerability carries a CVSS score of 10, indicating critical severity. EPSS indicates a very low probability of exploitation (< 1%), and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector requires an attacker to inject malicious filter content that the application accepts, which could be provided by a remote user if filter input is exposed. Once exploited, the attacker gains full code execution privileges within the process hosting Semantic Kernel.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

microsoft

semantic-kernel

affected

Version	Status	Constraints
`< 1.39.4`	affected	—

Configuration 1 [-]

cpe:2.3:a:microsoft:semantic_kernel:*:*:*:*:*:python:*:*

No data.

Vendor Product Confidence Versions

Microsoft

Semantic-kernel

100%

Version	Status	Scheme	Platform
`[0,1.39.4)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the official Semantic Kernel update to version python-1.39.4 or later.
If an immediate upgrade is not feasible, discontinue use of InMemoryVectorStore in any production environment and replace it with a safe alternative storage solution.
Review all code paths that supply filter expressions to ensure they do not accept untrusted input, and validate or sanitize such input before it reaches the vector store.

Generated by OpenCVE AI on April 17, 2026 at 18:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-xjw9-4gw8-4rqx	Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00103.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/microsoft/semantic-kernel/pull/13505
https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4
https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx

History

Tue, 03 Mar 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft semantic Kernel
CPEs		cpe:2.3:a:microsoft:semantic_kernel::::::python::*
Vendors & Products		Microsoft semantic Kernel

Fri, 20 Feb 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft semantic-kernel
Vendors & Products		Microsoft Microsoft semantic-kernel

Fri, 20 Feb 2026 01:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 19 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
Title		Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Weaknesses		CWE-94
References		https://github.com/microsoft/semantic-kernel/pull/13505 https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4 https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Microsoft Semantic-kernel Semantic Kernel

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-02-19T16:00:55.623Z

Updated: 2026-02-26T14:44:14.276Z

Reserved: 2026-02-09T21:36:29.555Z

Link: CVE-2026-26030

Vulnrichment

Updated: 2026-02-19T20:57:43.989Z

NVD

Status : Analyzed

Published: 2026-02-19T17:24:50.487

Modified: 2026-03-03T16:32:10.810

Link: CVE-2026-26030

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses

CWE-94

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object