CVE-2026-25592: Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an
Summary
Microsoft's Semantic Kernel SDK (a tool for building AI agents that work together) had a vulnerability before version 1.70.0 that allowed attackers to write arbitrary files (files placed anywhere on a system) through the SessionsPythonPlugin component. The vulnerability has been fixed in version 1.70.0.
Solution / Mitigation
Update to Microsoft.SemanticKernel.Core version 1.70.0. Alternatively, users can create a Function Invocation Filter (a check that runs before function calls) which inspects the arguments passed to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow listed (checked against an approved list of file paths).
Vulnerability Details
9.9(critical)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25592
First tracked: February 15, 2026 at 08:36 PM
Classified by LLM (prompt v3) · confidence: 95%