GHSA-xjw9-4gw8-4rqx: Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Summary
Microsoft's Semantic Kernel Python SDK has a remote code execution (RCE) vulnerability, where an attacker can run commands on a system they don't own, in the `InMemoryVectorStore` filter functionality. It allows attackers to execute arbitrary code. The vulnerability affects the library used for building AI applications with vector storage (a database that stores AI embeddings, which are numerical representations of data).
Solution / Mitigation
Upgrade to python-1.39.4 or higher. As a temporary workaround, avoid using `InMemoryVectorStore` for production scenarios.
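An added example (not code from the advisory or from the Semantic Kernel project) of checking a project against this guidance: it flags exact `semantic-kernel` pins below 1.39.4 in a requirements file and lists source lines that reference `InMemoryVectorStore`. It assumes the PyPI distribution is named `semantic-kernel` with versions matching the `python-` release tag; the sample inputs and the `my_app.stores` module path are constructed.

```python
import re

FIXED = (1, 39, 4)  # fixed release named in the advisory: python-1.39.4

# Assumption: the package is pinned as "semantic-kernel" (any PyPI-style
# spelling), optionally with extras, using an exact "==" numeric version.
PIN = re.compile(
    r"^\s*semantic[-_.]kernel(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.I
)
USES_STORE = re.compile(r"\bInMemoryVectorStore\b")


def parse_version(text):
    """Turn '1.39' into (1, 39, 0) so tuples compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def vulnerable_pins(requirements_text):
    """Return (line_no, version) for each exact pin below the fixed release."""
    hits = []
    for no, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        if m and parse_version(m.group(1)) < FIXED:
            hits.append((no, m.group(1)))
    return hits


def store_usages(source_text):
    """Return line numbers whose code (not comments) names InMemoryVectorStore."""
    return [
        no
        for no, line in enumerate(source_text.splitlines(), 1)
        if USES_STORE.search(line.split("#", 1)[0])
    ]


# Constructed sample inputs, not taken from any real project.
SAMPLE_REQS = "# deps\nopenai==1.0.0\nsemantic-kernel==1.38.0\nSemantic_Kernel[azure]==1.39.4\n"
SAMPLE_SRC = (
    "from my_app.stores import InMemoryVectorStore  # hypothetical module path\n"
    "# InMemoryVectorStore is only meant for tests\n"
    "store = InMemoryVectorStore()\n"
)

if __name__ == "__main__":
    print("pins below fix:", vulnerable_pins(SAMPLE_REQS))
    print("InMemoryVectorStore referenced on lines:", store_usages(SAMPLE_SRC))
```

Range specifiers such as `>=` and pre-release suffixes are not evaluated; resolve those with the installer's own lock or freeze output before relying on the result.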
Vulnerability Details
EPSS: 0.1%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://github.com/advisories/GHSA-xjw9-4gw8-4rqx
First tracked: February 19, 2026 at 03:00 PM