CVE-2026-26030

9.9 CRITICAL

📋 TL;DR

Microsoft Semantic Kernel Python SDK versions before 1.39.4 contain a remote code execution vulnerability in the InMemoryVectorStore filter functionality. Attackers can execute arbitrary code on affected systems by exploiting improper input validation. This affects all users running vulnerable versions of the Semantic Kernel Python SDK.

💻 Affected Systems

Products:
  • Microsoft Semantic Kernel Python SDK
Versions: All versions prior to python-1.39.4
Operating Systems: All operating systems running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using InMemoryVectorStore functionality. The vulnerability is in the filter parameter handling.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case

Remote code execution leading to data exfiltration, service disruption, or unauthorized access to system resources.

🟢 If Mitigated

Limited impact with proper network segmentation and least privilege controls, potentially only affecting the application container.

🌐 Internet-Facing: HIGH - Remote code execution vulnerability that can be exploited without authentication.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to exploitation from compromised internal accounts or lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on CVSS 9.9 score and CWE-94 (Improper Control of Generation of Code), exploitation appears straightforward once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: python-1.39.4

Vendor Advisory: https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx

Restart Required: Yes

Instructions:

1. Update Semantic Kernel Python SDK: pip install semantic-kernel==1.39.4
2. Restart all services using the SDK
3. Verify no older versions remain in your environment

🔧 Temporary Workarounds

Avoid InMemoryVectorStore in production (applies to: all)

Do not use InMemoryVectorStore for production scenarios, as recommended by Microsoft.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Apply application-level input validation and sanitization for InMemoryVectorStore filter parameters

🔍 How to Verify

Check if Vulnerable:

Check the Semantic Kernel version with python -c "import semantic_kernel; print(semantic_kernel.__version__)" and confirm whether it is below 1.39.4.

Check Version:

python -c "import semantic_kernel; print(f'Semantic Kernel version: {semantic_kernel.__version__}')"

Verify Fix Applied:

Confirm the version is 1.39.4 or higher using the same command, then test InMemoryVectorStore functionality.
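The version check above, carried through as an added example (not code from the advisory or from the Semantic Kernel project): it reads the installed semantic-kernel distribution via importlib.metadata and compares versions numerically against the 1.39.4 fix, since a plain string comparison would wrongly rank "1.4.0" above "1.39.4". The simplified pre-release handling and the 1.39.4 threshold are assumptions taken from the advisory text.

```python
import re
from importlib import metadata

FIXED_VERSION = "1.39.4"  # first fixed release per the advisory (assumption: advisory text)


def parse_version(version):
    """Split '1.39.4' or '1.40.0rc1' into ((release...), (pre_kind, pre_num)).

    Release parts compare as integers; a pre-release tag sorts below the final
    release with the same numbers. This covers the common PEP 440 shapes only;
    a full parser would use the 'packaging' library.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[.\-]?(a|b|rc|dev)\.?(\d*))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad so '1.39' == '1.39.0'
    if m.group(2):
        pre = ({"dev": 0, "a": 1, "b": 2, "rc": 3}[m.group(2)], int(m.group(3) or 0))
    else:
        pre = (4, 0)  # final releases sort after any pre-release tag
    return (release, pre)


def is_vulnerable(version):
    """True if the given semantic-kernel version predates the 1.39.4 fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_status():
    """Return (version, vulnerable) for the installed semantic-kernel
    distribution, or (None, None) if it is not installed here."""
    try:
        version = metadata.version("semantic-kernel")
    except metadata.PackageNotFoundError:
        return None, None
    return version, is_vulnerable(version)


if __name__ == "__main__":
    version, vulnerable = installed_status()
    if version is None:
        print("semantic-kernel is not installed in this interpreter")
    else:
        print(f"semantic-kernel {version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```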

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Semantic Kernel processes
  • Unexpected system commands in application logs
  • Errors or crashes in InMemoryVectorStore operations

Network Indicators:

  • Unexpected outbound connections from Semantic Kernel services
  • Command and control traffic patterns

SIEM Query:

process.name:python AND process.args:*semantic_kernel* AND (process.args:*sh* OR process.args:*cmd* OR process.args:*powershell*)
