Critical severity 9.9 (NVD) · Advisory · Published Feb 6, 2026 · Updated Apr 15, 2026
CVE-2026-25592
Description
Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Versions of Microsoft's Semantic Kernel .NET SDK prior to 1.71.0 contain an arbitrary file write vulnerability in the SessionsPythonPlugin: the localFilePath argument accepted by its DownloadFileAsync and UploadFileAsync functions is not restricted, so a caller (including a model that invokes the plugin as a tool) can direct the file operation at any path the host process can write. The issue is fixed in Microsoft.SemanticKernel.Core version 1.71.0, and upgrading is the recommended remediation. Where an immediate upgrade is not possible, the advisory suggests a mitigation: register a Function Invocation Filter that inspects the arguments of every call to DownloadFileAsync or UploadFileAsync and rejects any localFilePath that is not on an allow list.
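The following filter illustrates the mitigation described above. It is example code written for this page, not code from the advisory, the fix PR, or the Semantic Kernel repository. It assumes the Microsoft.SemanticKernel IFunctionInvocationFilter API (available in the 1.x line), that the plugin functions expose their local path argument under the name `localFilePath` as the advisory text states, and a hypothetical allow-listed root directory `/srv/sk-files`; the plugin wiring itself is omitted.

```csharp
// Added example for CVE-2026-25592 mitigation; not from the advisory or the project.
// Assumptions: Microsoft.SemanticKernel with IFunctionInvocationFilter; the guarded
// functions take a parameter named "localFilePath" (name taken from the advisory text);
// "/srv/sk-files" is a hypothetical deployment-specific allow-listed directory.
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;

public sealed class LocalPathAllowListFilter : IFunctionInvocationFilter
{
    // Only these two functions receive a host file path from the caller.
    private static readonly HashSet<string> GuardedFunctions =
        new(StringComparer.OrdinalIgnoreCase) { "DownloadFileAsync", "UploadFileAsync" };

    // Windows paths are case-insensitive; everywhere else compare bytes exactly.
    private static readonly StringComparison PathComparison =
        OperatingSystem.IsWindows() ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;

    private readonly string _allowedRoot;

    public LocalPathAllowListFilter(string allowedRoot)
    {
        // Canonicalise once and force a trailing separator so that "/srv/sk-files"
        // does not also accept "/srv/sk-files-private/..." via a bare prefix match.
        _allowedRoot = Path.GetFullPath(allowedRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;
    }

    public async Task OnFunctionInvocationAsync(
        FunctionInvocationContext context,
        Func<FunctionInvocationContext, Task> next)
    {
        if (GuardedFunctions.Contains(context.Function.Name) &&
            context.Arguments.TryGetValue("localFilePath", out object? raw) &&
            raw is string localFilePath &&
            !string.IsNullOrEmpty(localFilePath) &&
            !IsAllowed(localFilePath))
        {
            // Fail closed before the plugin touches the file system; the exception
            // surfaces to whoever invoked the function (including tool-calling loops).
            throw new UnauthorizedAccessException(
                $"{context.Function.Name}: localFilePath '{localFilePath}' is outside the allow-listed directory.");
        }

        await next(context);
    }

    // Resolve the candidate (relative paths are anchored at the allowed root) and
    // require the canonical result to sit strictly below the root. GetFullPath
    // collapses "..", "." and repeated separators, so "../../etc/cron.d/job" cannot
    // escape by traversal. It does NOT follow symlinks: if untrusted code can create
    // links inside the root, resolve them (e.g. FileInfo.ResolveLinkTarget) first.
    internal bool IsAllowed(string candidate)
    {
        if (candidate.IndexOf('\0') >= 0) return false;

        string full;
        try
        {
            full = Path.GetFullPath(candidate, _allowedRoot);
        }
        catch (Exception)
        {
            // Malformed or overlong paths are rejected rather than guessed at.
            return false;
        }

        return full.StartsWith(_allowedRoot, PathComparison);
    }
}

public static class FilterRegistration
{
    // Attach the filter to a kernel; the plugin itself would be imported separately.
    public static Kernel BuildGuardedKernel()
    {
        Kernel kernel = Kernel.CreateBuilder().Build();
        kernel.FunctionInvocationFilters.Add(new LocalPathAllowListFilter("/srv/sk-files"));
        return kernel;
    }
}
```

The filter only sees invocations routed through the kernel (model tool calls and `kernel.InvokeAsync`); code that calls the plugin's methods directly bypasses it, which is one reason the upgrade to 1.71.0 remains the actual fix. Canonicalising before comparing, and comparing against a root that ends in a separator, are the two details that make an allow list of this kind hold up against traversal and sibling-directory prefixes.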
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| semantic-kernel | PyPI | < 1.39.3 | 1.39.3 |
| Microsoft.SemanticKernel.Core | NuGet | < 1.71.0 | 1.71.0 |
Affected products (GHSA coordinates; no CPE assigned)
- Microsoft.SemanticKernel.Core (NuGet): range < 1.71.0
- semantic-kernel (PyPI): range < 1.39.3
References
- https://github.com/advisories/GHSA-2ww3-72rp-wpp4 (advisory; listed by GHSA)
- https://nvd.nist.gov/vuln/detail/CVE-2026-25592 (advisory; listed by GHSA)
- https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs (web; listed by NVD)
- https://github.com/microsoft/semantic-kernel/pull/13478/changes (web; listed by NVD)
- https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4 (web; listed by NVD)
News mentions
- Red-Team AI Tool Vulnerabilities Let Attackers Exfiltrate API Keys and Compromise Operators’ Systems (Cyber Security News, Jun 24, 2026)
- AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution (The Hacker News, Jun 19, 2026)
- ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface (The Hacker News, May 29, 2026)