{"data":{"id":"6096387e-31d3-4dc5-9bdf-70f30efebfd3","title":"GHSA-xjw9-4gw8-4rqx: Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution","summary":"Microsoft's Semantic Kernel Python SDK has an RCE vulnerability (remote code execution, where an attacker can run commands on a system they don't own) in the `InMemoryVectorStore` filter functionality, which allows attackers to execute arbitrary code. The vulnerability affects the library used for building AI applications with vector storage (a database that stores AI embeddings, which are numerical representations of data).","solution":"Upgrade the `semantic-kernel` Python package to 1.39.4 (python-1.39.4) or higher. As a temporary workaround, avoid using `InMemoryVectorStore` for production scenarios.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-xjw9-4gw8-4rqx","publishedAt":"2026-02-19T19:34:14.000Z","cveId":"CVE-2026-26030","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":["semantic-kernel@< 1.39.4 (fixed: 1.39.4)"],"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Semantic Kernel"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00086,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}